On 11/14/21 20:44, tempforever wrote:
Lars Noodén via Dng wrote:
[snip]
On 11/8/21 05:12, tempforever wrote:
> You say that sudoedit will run the editor itself under the unprivileged
> account; however, it appears it does run as root:
[snip]

Yes, I say that, but I got it from the manual page which is much more
authoritative.  It goes through the steps:

        1.   Temporary copies are made of the files to be edited with
                the owner set to the invoking user.
        2.   The editor specified by the policy is run to edit the
                temporary files.  The sudoers policy uses the
                SUDO_EDITOR, VISUAL and EDITOR environment variables (in
                that order).  If none of SUDO_EDITOR, VISUAL or EDITOR
                are set, the first program listed in the editor
                sudoers(5) option is used.
        3.   If they have been modified, the temporary files are
                copied back to their original location and the temporary
                versions are removed.

sudoedit is running as root there, but it is not itself an editor.

You can verify for yourself that the editor runs under the unprivileged
account.  Here is an example of using sudoedit to fire up Geany:

$ EDITOR=geany sudoedit /etc/group &

$ ps -p $(pgrep -d , 'sudoedit|geany') -o user,pid,ppid,args
USER         PID    PPID COMMAND
root      221381  221316 sudoedit /etc/group
lars      221382  221381 geany /var/tmp/group.XXm6gNkW

As you see, sudoedit is a wrapper which supervises the editor and a
temporary file.

/Lars
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
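
The ps check from the message above, turned into a repeatable audit; this is an added example, not part of the original post or of sudo itself. The helper name audit_sudoedit_children and the second sample are constructed for illustration, and it assumes sudoedit is the direct parent of the editor, as in the ps output quoted above.

```shell
#!/bin/sh
# Added example: audit `ps -o user,pid,ppid,args` output read from stdin.
# Prints one line per direct child of a sudoedit process:
#   OK   <user> <pid> <args>   child runs unprivileged
#   ROOT <user> <pid> <args>   child runs as root
# Exit status: 0 all children unprivileged, 1 a child runs as root,
#              2 no child of sudoedit found.
audit_sudoedit_children() {   # hypothetical helper name
    awk '
        NR == 1 && $1 == "USER" { next }        # skip the ps header line
        {
            user[$2] = $1; ppid[$2] = $3
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            args[$2] = cmd
            n = split($4, parts, "/")           # basename of argv[0]
            if (parts[n] == "sudoedit") wrapper[$2] = 1
        }
        END {
            found = 0; bad = 0
            for (pid in ppid) {
                if (!(ppid[pid] in wrapper)) continue
                found++
                if (user[pid] == "root") { bad++; print "ROOT", user[pid], pid, args[pid] }
                else print "OK", user[pid], pid, args[pid]
            }
            if (!found) exit 2
            exit (bad > 0)
        }
    '
}

# ps output quoted in the message above.
SAMPLE_PAGE='USER         PID    PPID COMMAND
root      221381  221316 sudoedit /etc/group
lars      221382  221381 geany /var/tmp/group.XXm6gNkW'

# Constructed counter-example: the editor child is running as root.
SAMPLE_BAD='USER         PID    PPID COMMAND
root        4100    4000 sudoedit /etc/group
root        4101    4100 geany /etc/group'

printf '%s\n' "$SAMPLE_PAGE" | audit_sudoedit_children || echo "exit status $?"
printf '%s\n' "$SAMPLE_BAD"  | audit_sudoedit_children || echo "exit status $?"
```

On a live system the same function can be fed with: ps -e -o user,pid,ppid,args | audit_sudoedit_children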
