sudo vs. gksu

NoOp glgxg at sbcglobal.net
Sun Apr 6 18:09:25 UTC 2008 

On 04/06/2008 12:37 AM, Michael R. Head wrote:
> On Sat, 2008-04-05 at 15:28 +0200, Mario Vukelic wrote:
>> On Sat, 2008-04-05 at 14:11 +0100, Tony Arnold wrote:
>> > Can you explain how this problem is avoided with gksu, or gksudo? So far
>> > as I can see using one of these causes the application to run with UID
>> > of 0, i.e., root. The app has no knowledge of how it was invoked, so any
>> > files is creates will be owned by root.
>> > 
>> > Your explanation applies to running any app, not just graphical ones.
>> 
>> http://www.psychocats.net/ubuntu/graphicalsudo 
> 
> That page says that "sudo nano /etc/apt/sources.list"  is a good idea.
> It isn't, and for the same reason graphical apps shouldn't be run
> through sudo -- nano will create/edit extra files in your home
> directory. In fact, there's a command called "sudoedit" which solves the
> problem.
> 
>> 
> 

Good catch.
sudoedit invokes the -e command (as in sudo -e):

http://linux.die.net/man/8/sudoedit
<quote>
-e

The -e (edit) option indicates that, instead of running a command, the
user wishes to edit one or more files. In lieu of a command, the string
"sudoedit" is used when consulting the sudoers file. If the user is
authorized by sudoers the following steps are taken:
    1.

    Temporary copies are made of the files to be edited with the owner
set to the invoking user.

    2.

    The editor specified by the VISUAL or EDITOR environment variables
is run to edit the temporary files. If neither VISUAL nor EDITOR are
set, the program listed in the editor sudoers variable is used.

    3.

    If they have been modified, the temporary files are copied back to
their original location and the temporary versions are removed.
    If the specified file does not exist, it will be created. Note that
unlike most commands run by sudo, the editor is run with the invoking
user's environment unmodified. If, for some reason, sudo is unable to
update a file with its edited version, the user will receive a warning
and the edited copy will remain in a temporary file.
</quote>

More information about the ubuntu-users mailing list