Sudoedit Permissions – How to Sudoedit Root Owned File in a Non-Root Directory

Tags: permissions, sudoedit

Why can't I edit files owned by root but located e.g. somewhere deep in my personal directory? It says:

sudoedit: existingFile: editing files in a writable directory is not permitted

While I have the following function defined:

function sunano {
    export SUDO_EDITOR='/usr/local/bin/nano'
    sudoedit "$@"
}

And I edit like this:

sunano existingFile

Where the file is indeed owned by root:

ls -l existingFile

Proves that:

-rwxr-xr-x 1 root root 40 Jun 15  2015 existingFile

Best Answer

The manpage says:

Files located in a directory that is writable by the invoking user may not be edited unless that user is root (version 1.8.16 and higher).

If you can write to the directory containing the file, then you can edit it in practice without needing sudoedit (although you may not be able to read its current contents): you can move it out of the way and create a new file with the same name. In your particular case, you can read the file, and you should find that at least some editors will allow you to edit it (at least those which save files by writing a temporary file and renaming it into place).

The reasoning behind this feature is given in sudo bug 707: basically, allowing users to edit files in directories they can write to with sudoedit can allow them to circumvent the restrictions set up in sudoedit’s configuration (and effectively edit any file on the system).
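As an added illustration (not sudo's own code, and a simplified model of the check rather than its exact implementation), the following Python applies the manpage rule quoted above to a directory's owner, group and permission bits, with the question's scenario (a root-owned file inside the user's own home-directory subtree) as constructed input:

```python
import os
import stat


def dir_writable_by(dir_uid, dir_gid, dir_mode, uid, gids):
    """Is a directory with these owner/group/mode bits writable by user `uid`
    (a member of the groups in `gids`)? Root can always write, so it is
    treated as writable here; sudoedit exempts root separately."""
    if uid == 0:
        return True
    if dir_uid == uid:
        return bool(dir_mode & stat.S_IWUSR)
    if dir_gid in gids:
        return bool(dir_mode & stat.S_IWGRP)
    return bool(dir_mode & stat.S_IWOTH)


def sudoedit_policy(dir_uid, dir_gid, dir_mode, uid, gids):
    """Model of the rule quoted from the manpage: refuse when the invoking
    user can write to the containing directory, unless that user is root.
    Returns (allowed, reason)."""
    if uid == 0:
        return True, "invoking user is root"
    if dir_writable_by(dir_uid, dir_gid, dir_mode, uid, gids):
        return False, "editing files in a writable directory is not permitted"
    return True, "directory not writable by invoking user"


def check_path(path, uid=None, gids=None):
    """Apply the policy to a real path using the parent directory's stat data
    (Unix only). uid/gids default to the current process's identity."""
    uid = os.getuid() if uid is None else uid
    if gids is None:
        gids = set(os.getgroups()) | {os.getgid()}
    parent = os.path.dirname(os.path.abspath(path))
    st = os.stat(parent)
    return sudoedit_policy(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode),
                           uid, set(gids))


if __name__ == "__main__":
    # Constructed: the question's case, a directory owned by uid 1000 with
    # mode 0755, so its owner can replace any file in it -> refused.
    print(sudoedit_policy(1000, 1000, 0o755, 1000, {1000}))
    # Constructed: the same file under a root-owned 0755 directory -> allowed.
    print(sudoedit_policy(0, 0, 0o755, 1000, {1000}))
```

A group-writable or world-writable directory (a /tmp-style 1777 directory, for instance) triggers the same refusal, because the check is about who can swap the file, not who owns it.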
