sudoedit

View documentation for the original command

$ tldr sudo

sudoedit [-AknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-u user] file ...

-A, --askpass
    Prompts the user for a password if required.

-C , --close-from=
    Closes file descriptors greater than or equal to num before executing the editor.

-g , --group=
    Edit the file as if the effective group ID were group. Defaults to root.

-h , --host=
    For proxied commands, specifies the host where the command is to be run.

-k, --reset-timestamp
    Invalidates the user's cached credentials. A password will be required for the next sudo command.

-n, --non-interactive
    Prevents prompts for user input (e.g., password). If a password is required, sudoedit will exit with an error.

-P, --preserve-groups
    Preserves the user's group vector rather than setting it to the target user's default group.

-r , --role=
    Creates a SELinux security context for the command using the specified role.

-S, --stdin
    Reads the password from standard input.

-t , --type=
    Creates a SELinux security context for the command using the specified type.

-u , --user=
    Edit the file as if the effective user ID were user. Defaults to root.

file ...
    One or more files to be edited. These files must be absolute paths or relative to the current working directory.

sudoedit (also aliased as sudo -e) provides a secure way to edit files that require root or another user's privileges. Unlike directly running an editor with sudo (e.g., sudo vi /etc/fstab), which executes the entire editor process with elevated rights, sudoedit operates differently. It makes a temporary copy of the specified file, sets its ownership to the current user, and then invokes the user's preferred editor (determined by SUDO_EDITOR, VISUAL, or EDITOR environment variables) to edit this temporary copy.

Once the user finishes editing and the editor exits, sudoedit verifies that the temporary file has been modified and, if so, copies it back to the original location with the correct permissions and ownership. This approach enhances security by ensuring that the editor itself does not run with elevated privileges, minimizing the attack surface and potential for privilege escalation through misbehaving plugins or scripts within the editor. It's the recommended method for modifying system configuration files securely.

sudoedit relies on the editor process saving changes to the temporary file before exiting. Editors that use aggressive swap files or don't write changes back immediately might not work as expected.
The chosen editor (from SUDO_EDITOR, VISUAL, EDITOR) must be a trusted application. While sudoedit prevents the editor from running as root, a malicious editor could still modify the temporary file in unexpected ways or leak its content.
If the system crashes or the editor is killed ungracefully, temporary files might be left behind, though sudoedit attempts to clean them up.
The user must have sudo privileges configured for sudoedit in /etc/sudoers.

sudoedit determines which editor to use by checking environment variables in the following order: SUDO_EDITOR, VISUAL, and then EDITOR. If none of these are set, a default editor (often vi or nano) is used, as defined by the system's sudo configuration.

The core of sudoedit's security model lies in its temporary file strategy. When invoked, it performs these steps:
1. Copies the target file to a secure, temporary location (e.g., /var/tmp/sudoedit.#####).
2. Changes the ownership of the temporary copy to the current user.
3. Invokes the user's specified editor on this temporary file.
4. Waits for the editor to exit.
5. If the temporary file was modified, sudoedit then copies it back to the original location, preserving the original file's ownership and permissions, but with the new content. This final step is the only one that requires elevated privileges, and it's performed by the sudoedit binary itself, not the editor.

sudoedit was introduced as part of the sudo suite to address the security concerns associated with running a full-featured text editor with root privileges. Historically, users would run sudo vi /path/to/file to edit system configuration. This meant the entire vi process, including any plugins, scripts, or shell escapes, ran with root permissions, increasing the potential attack surface. sudoedit was designed as a safer alternative, fundamentally changing the workflow to minimize the time and scope of elevated privileges, thereby reducing risks. Its inclusion reflects a broader trend in security to implement the principle of least privilege.

sudo(8), visudo(8), su(1), vi(1), nano(1)