How to properly edit system files (as root) in GUI (and CLI) in Gnu/Linux?

System: Linux Mint 18.1 64-bit Cinnamon.

Objective: To define Bash aliases to launch various CLI and GUI text editors while opening a file in root mode from gnome-terminal emulator.

Progress

For example, the following aliases seem to work as expected:

For CLI, in this example I used Nano (official website):

alias sunano='sudo nano'

For GUI, in this example I used Xed (Wikipedia article):

alias suxed='sudo xed'

They both open a file as root.

Problem

I have an issue with gksudo in conjunction with sublime-text:

alias susubl='gksudo /opt/sublime_text/sublime_text'

Sometimes it works. It just does not do anything most of the time.

How do I debug such a thing with inconsistent behavior? It does not output anything. No error message or similar.

Question

gksudo has been deprecated in Debian and also no longer included in Ubuntu 18.04 Bionic, so let me re-formulate this question to a still valid one:

How to properly edit system files (as root) in GUI (and CLI) in Linux?

Properly in this context I define as safely in case, for instance, a power loss occurs during the file edit, another example could be lost SSH connection, etc.

Asked By: Vlastimil Burián

||
Source

You shouldn’t run an editor as root unless absolutely necessary; you should use sudoedit or sudo -e or sudo --edit, or your desktop environment’s administrative features.

sudoedit

Once sudoedit is set up appropriately, you can do

SUDO_EDITOR="/opt/sublime_text/sublime_text -w" sudoedit yourfile

sudoedit will check that you’re allowed to do this, make a copy of the file that you can edit without changing ownership manually, start your editor, and then, when the editor exits, copy the file back if it has been changed.

I’d suggest a function rather than an alias:

function susubl {
    export SUDO_EDITOR="/opt/sublime_text/sublime_text -w"
    sudoedit "$@"
}

although as Jeff Schaller pointed out, you can use env to put this in an alias and avoid changing your shell’s environment:

alias susubl='env SUDO_EDITOR="/opt/sublime_text/sublime_text -w" sudoedit'

Take note that you don’t need to use the $SUDO_EDITOR environment variable if $VISUAL or $EDITOR are already good enough.

The -w option ensures that the Sublime Text invocation waits until the files are closed before returning and letting sudoedit copy the files back.

Desktop environments (GNOME)

In GNOME (and perhaps other desktop environments), you can use any GIO/GVFS-capable editor, with the admin:// scheme; for example

gedit admin:///etc/shells

This will prompt for the appropriate authentication using PolKit, and then open the file for editing if the authentication was successful.

Answered By: Stephen Kitt

Different solution: I never edit system files directly, I make a copy somewhere(*), edit the copy (with my usual editor), and sudo cp when done.

(*) I have a directory for this, where all files are kept in one place:

  • naturally keeps a list of all the file that I have changed
  • easy to version
  • easy to backup
  • easy to transfer to another machine
Answered By: xenoid
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.