• vsis@feddit.clEnglish
    4·
    10 months ago

    wrong: you press esc multiple times to make sure you are in normal mode.

    • hemko@lemmy.dbzer0.comEnglish
      0·
      10 months ago

      You shouldn’t really use editor with sudo, but instead use sudoedit to edit files restricted to root user

      SUDO_EDITOR=nano sudoedit /etc/fstab

      This accomplishes the same function while running the text editor as unprivileged user

      • Doctor xNo@r.nfEnglish
        0·
        10 months ago

        Why?

        Files from user: nano

        Files from root: sudo nano

        Files from another user: sudo nano (and if new sudo chown after)… 😂

        Never had any problems with this in over 10 years… 😅😂

        • hemko@lemmy.dbzer0.comEnglish
          0·
          10 months ago

          As mentioned, to prevent running your text editor with root permissions. It’s just security optimization

          • Doctor xNo@r.nfEnglish
            1·
            10 months ago

            Let me rephrase my question:

            Why would I not want to open nano as root?

            No offense, but that sounds like more OCD behavior. 😅 I don’t need or want protection against myself, and I even loath the whole “that’s not how you’re supposed to do it”-mentality of linux (where when commands know very well what you want, instead of doing it, just tell you you forgot something). 😅

            • hemko@lemmy.dbzer0.comEnglish
              21·
              9 months ago

              It’s not any OCD behavior, but simply the best practices. You’ve probably at least minimally familiar with the principal of least privilege? The idea is to minimize scope of a potential problem , was it malicious attack or user error, by restricting access to minimum required to perform a task. It may feel like fighting pedantically (and I’ve been fighting this more than I’d care to) but it will save your ass one day.

              • Doctor xNo@r.nfEnglish
                1·
                10 months ago

                But, in that example:

                If I’m the admin it doesn’t matter I use it.

                If I’m not it’s not my problem that I could get more privileges than allowed. I’d probably even use the possibility then. 😅

                So it poses a risk if you allow none-admin users to do that on your system, but I still don’t see why I must choose to not use nano as root myself. 😅

                Anyway, good practice to me is ease-of-use instead of with 7 protections against things that rarely happen.

                Like, I’m pretty sure you are better protected from burglars if you also lock all doors inside your house, but I’m definitely not doing that either. 😅

                Edit: Also, if you have users on your system, just chroot/vroot/lxc them, so they be free to ‘sudo nano’ too… 😅

            • scinde@discuss.tchncs.de
              0·
              10 months ago

              It’s probably to protect against any potential security vulnerabilities in the text editor program itself, not to protect you from yourself.

              • Doctor xNo@r.nfEnglish
                0·
                10 months ago

                Wouldn’t that logic count for anything, including sudo itself?

                • scinde@discuss.tchncs.de
                  0·
                  10 months ago

                  Sure, but sudo is specifically designed with security in mind as a security program, whereas text editors are not (although I am more likely to trust vim than vscode). Running a malicious program as the user and not as root can help mitigate the impact it could do, even though it will still be able to do a lot as a user.