12

I used sudoedit to create a file:

 $ sudoedit /etc/systemd/system/apache2.service

but when I went to save the file, it wrote it in a temporary directory (/var/temp/blahblah). What is going on? Why is it not saving it to the system directory?

Improve this question

2 Answers 2

Reset to default
23

The point of sudoedit is to allow users to edit files they wouldn’t otherwise be allowed to, while running an unprivileged editor. To make this happen, sudoedit copies the file to be edited to a temporary location, makes it writable by the requesting user, and opens it in the configured editor. That’s why the editor shows an unrelated filename in a temporary directory. When the editor exits, sudoedit checks whether any changes were really made, and copies the changed temporary file back to its original location if necessary.

Improve this answer
3
  • IIRC some editors will also do basic sanity checks to ensure that no computer-bricking changes were made, but I'm not sure how common that is,. Commented Nov 15, 2018 at 22:56
  • 1
    @NicHartley: It's hard to do that in the general case, because there are so many varied ways to brick your computer. It tends to be application specific, e.g. with visudo for /etc/sudoers. Commented Nov 16, 2018 at 0:34
  • @Kevin Oh, whoops, I think I confused visudo for sudoedit. I knew visudo did it for sure. Thanks for clearing that up! Commented Nov 16, 2018 at 1:10
2

This is nicely explained in the sudo manpage. The description of -e (which sudoedit is equivalent to) says:

-e

The -e (edit) option indicates that, instead of running a command, the user wishes to edit one or more files. In lieu of a command, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken:

  1. Temporary copies are made of the files to be edited with the owner set to the invoking user.
  2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.
  3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.

If the specified file does not exist, it will be created. Note that unlike most commands run by sudo, the editor is run with the invoking user's environment unmodified. If, for some reason, sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.

In particular, note the third step: only if the file has been modified at the end of editing is the original changed. So, if you have a program that watches a file, this can help avoid (a) intermediate writes being picked up, and (b) unnecessary actions if you decided to make no changes in the end.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.