Doing sudo nano will not load your user configuration, sudoedit will. I had plenty of problems with this, but I assume you don’t have any custom configuration.
One reason why sometime I don’t do sudoedit is that I make a lot of changes to the config/restart service/see it works/edit etc… sudoedit only write to the file when exiting, so that flow won’t work…
for example when having adding a new host on nginx and some configuration and see if everything work (sudo vim/systemc nginx restart/curl https:// domain loop)
but yeah in general i’ll just use sudoedit (which alias to se for me) for my root editing
No offense, but that sounds like more OCD behavior. 😅 I don’t need or want protection against myself, and I even loath the whole “that’s not how you’re supposed to do it”-mentality of linux (where when commands know very well what you want, instead of doing it, just tell you you forgot something). 😅
Sure, but sudo is specifically designed with security in mind as a security program, whereas text editors are not (although I am more likely to trust vim than vscode). Running a malicious program as the user and not as root can help mitigate the impact it could do, even though it will still be able to do a lot as a user.
What do you mean get root itself with a modified su? A program that has been run as a user cannot just get root permissions, that’s called a privilege escalation attack and is a serious vulnerability in the kernel which gets fixed quickly when found.
Again, like I replied to the other comment, most of the programs you need root for are designed with security in mind and are inherently more secure and have less vulnerabilities than a non security focused program (that is not to say that it is impossible for a security program to have vulnerabilities -it certainly occurred before and keeps occurring- they just have a lot fewer). But even if you need root permissions for a non security focused program, you still shouldn’t let any program have it, the whole point is to minimize the surface of attack.
It’s not any OCD behavior, but simply the best practices. You’ve probably at least minimally familiar with the principal of least privilege? The idea is to minimize scope of a potential problem , was it malicious attack or user error, by restricting access to minimum required to perform a task. It may feel like fighting pedantically (and I’ve been fighting this more than I’d care to) but it will save your ass one day.
Why?
Files from user: nano
Files from root: sudo nano
Files from another user: sudo nano (and if new sudo chown after)… 😂
Never had any problems with this in over 10 years… 😅😂
Doing
sudo nano
will not load your user configuration,sudoedit
will. I had plenty of problems with this, but I assume you don’t have any custom configuration.One reason why sometime I don’t do sudoedit is that I make a lot of changes to the config/restart service/see it works/edit etc… sudoedit only write to the file when exiting, so that flow won’t work…
for example when having adding a new host on nginx and some configuration and see if everything work (sudo vim/systemc nginx restart/curl https:// domain loop)
but yeah in general i’ll just use sudoedit (which alias to se for me) for my root editing
I just have a root custom config too. 🤷♂️ This even allows me to easily use different configs for root than for the user.
Made with ‘sudo nano’, fyi. 😂
As mentioned, to prevent running your text editor with root permissions. It’s just security optimization
Let me rephrase my question:
Why would I not want to open nano as root?
No offense, but that sounds like more OCD behavior. 😅 I don’t need or want protection against myself, and I even loath the whole “that’s not how you’re supposed to do it”-mentality of linux (where when commands know very well what you want, instead of doing it, just tell you you forgot something). 😅
It’s probably to protect against any potential security vulnerabilities in the text editor program itself, not to protect you from yourself.
Wouldn’t that logic count for anything, including sudo itself?
Sure, but sudo is specifically designed with security in mind as a security program, whereas text editors are not (although I am more likely to trust vim than vscode). Running a malicious program as the user and not as root can help mitigate the impact it could do, even though it will still be able to do a lot as a user.
You assume this malicious code is lame enough not to gain root itself with a modified su.
What do you mean get root itself with a modified su? A program that has been run as a user cannot just get root permissions, that’s called a privilege escalation attack and is a serious vulnerability in the kernel which gets fixed quickly when found.
Any attack is usually non-intended vulnarabilities. Same argument applies to any software, like nano, if it can open doors to your system.
You can say that just about anything.
sudo grub sudo boot sudo root=/dev/disk/linux sudo kernel-6.1.image sudo init sudo elogind sudo xterm sudo bash sudo nano
Again, like I replied to the other comment, most of the programs you need root for are designed with security in mind and are inherently more secure and have less vulnerabilities than a non security focused program (that is not to say that it is impossible for a security program to have vulnerabilities -it certainly occurred before and keeps occurring- they just have a lot fewer). But even if you need root permissions for a non security focused program, you still shouldn’t let any program have it, the whole point is to minimize the surface of attack.
It’s not any OCD behavior, but simply the best practices. You’ve probably at least minimally familiar with the principal of least privilege? The idea is to minimize scope of a potential problem , was it malicious attack or user error, by restricting access to minimum required to perform a task. It may feel like fighting pedantically (and I’ve been fighting this more than I’d care to) but it will save your ass one day.