Can edit file as root, but not using sudo

permissionsrootsudo

I just faced a really strange situation.

I was trying to edit file /usr/lib/thunderbird/thunderbird.sh, which has the following permissions:

$ ll /usr/lib/thunderbird/thunderbird.sh
-rwxr-xr-x 1 root root 2730 Aug 20 12:55 /usr/lib/thunderbird/thunderbird.sh*

and I found that if I issue

sudo vim /usr/lib/thunderbird/thunderbird.sh

When I switch to insert mode I get a warning message: 

/usr/lib/thunderbird/thunderbird.sh [RO]
W10: Warning: Changing a readonly file
-- INSERT --

And I actually cannot write any changes.

However, if I issue:

user@hostname:~$ sudo su -
root@hostname:~# vim /usr/lib/thunderbird/thunderbird.sh

I can edit the file without problems.

The strange thing is that I have edited lots of files with similar permissions, such as the configuration files in /etc/, without issues, and that If I create a file inside the same directory I have no problems editing it:

user@hostname:~$ sudo touch /usr/lib/thunderbird/test.sh
user@hostname:~$ sudo chmod 755 /usr/lib/thunderbird/test.sh
user@hostname:~$ ll /usr/lib/thunderbird/test.sh /usr/lib/thunderbird/thunderbird.sh
-rwxr-xr-x 1 root root    0 Aug 20 13:03 /usr/lib/thunderbird/test.sh*
-rwxr-xr-x 1 root root 2730 Aug 20 12:55 /usr/lib/thunderbird/thunderbird.sh*
user@hostname:~$ sudo vim /usr/lib/thunderbird/test.sh

This is my sudoers file:

# Cmnd alias specification
Cmnd_Alias  APT = /usr/bin/apt-get update, /usr/bin/apt-get upgrade

# User privilege specification
root    ALL=(ALL:ALL) ALL 

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL 

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL 
%sudo   ALL=(ALL:ALL) NOPASSWD: APT

And my user is inside sudo group.

Any idea about why this happens?

Best Answer

I just discovered the reason, and it was a collection of circumstances:

First of all, I don't know exactly why, but sudo was not grabbing the HOME environment variable properly and used the one of the regular user, so it read the .vimrc from /home/user/.vimrc.

In order to see this, I issued:

user@hostname:~$ sudo bash
[sudo] password for user: 
root@hostname:/home/user# echo $HOME
/home/user

Second, I have folding persistence enabled in my user's vimrc file in order to store cursor position:

au BufWinLeave * mkview
au BufWinEnter * silent loadview

This makes that every time a file is edited, a properties file is created inside $HOME/.vim/view folder. In my case, it looks like I tried to edit the file without sudo the first time, so the folding file was created as regular user's:

user@hostname:~$ ll .vim/view/ | grep thunderbird.sh
-rw-rw-r-- 1 user user  2650 Aug 20 15:56 =+usr=+lib=+thunderbird=+thunderbird.sh=

Since the root took /home/user as $HOME, the same folding file was (wrongly) used when I issued sudo vim, and for some reason that I ignore, probable related to vim internals, if the folding file is not owned by the editing user, the edited file is opened in ReadOnly mode.

So, I realized that if I removed the file /home/user/.vim/view/=+usr=+lib=+thunderbird=+thunderbird.sh= and then tried to edit using sudo vim, I had no problems at all.

So, at the end of the story, in order to fix this situation I just edited /etc/sudoers and added this line:

Defaults always_set_home

Now everything works as expected and I can use sudo reliably again.

Related Question