Why is sudoedit writing to a temporary directory?

I used sudoedit to create a file:



 $ sudoedit /etc/systemd/system/apache2.service


but when I went to save the file, it wrote it in a temporary directory (/var/temp/blahblah). What is going on? Why is it not saving it to the system directory?










edited Nov 15 at 11:19 by ctrl-alt-delor
asked Nov 15 at 9:18 by Tyler Durden






















2 Answers

The point of sudoedit is to allow users to edit files they wouldn’t otherwise be allowed to, while running an unprivileged editor. To make this happen, sudoedit copies the file to be edited to a temporary location, makes it writable by the requesting user, and opens it in the configured editor. That’s why the editor shows an unrelated filename in a temporary directory. When the editor exits, sudoedit checks whether any changes were really made, and copies the changed temporary file back to its original location if necessary.

answered Nov 15 at 9:22 by Stephen Kitt (accepted answer)












• IIRC some editors will also do basic sanity checks to ensure that no computer-bricking changes were made, but I'm not sure how common that is.
  – Nic Hartley
  Nov 15 at 22:56

• @NicHartley: It's hard to do that in the general case, because there are so many varied ways to brick your computer. It tends to be application specific, e.g. with visudo for /etc/sudoers.
  – Kevin
  Nov 16 at 0:34

• @Kevin Oh, whoops, I think I confused visudo for sudoedit. I knew visudo did it for sure. Thanks for clearing that up!
  – Nic Hartley
  Nov 16 at 1:10


















This is nicely explained in the sudo manpage. The description of -e (which sudoedit is equivalent to) says:

    -e

    The -e (edit) option indicates that, instead of running a command, the user wishes to edit one or more files. In lieu of a command, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken:

    1. Temporary copies are made of the files to be edited with the owner set to the invoking user.

    2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.

    3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.

    If the specified file does not exist, it will be created. Note that unlike most commands run by sudo, the editor is run with the invoking user's environment unmodified. If, for some reason, sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.

In particular, note the third step: only if the file has been modified at the end of editing is the original changed. So, if you have a program that watches a file, this can help avoid (a) intermediate writes being picked up, and (b) unnecessary actions if you decided to make no changes in the end.

answered Nov 16 at 6:58 by JohnDoea
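
The copy, edit, compare, copy-back sequence that both answers describe, as an added shell sketch (not part of either answer and not sudo's own code). It runs entirely as the current user, so the ownership change is skipped; the function names, the `vi` fallback and the checksum comparison are assumptions of this example.

```shell
#!/bin/sh
# Unprivileged sketch of the three sudoedit steps quoted above.
# Assumptions of this example: the function names, "vi" as the fallback
# editor, and comparing content checksums to decide "modified".

# Editor lookup order from the manual text: SUDO_EDITOR, VISUAL, EDITOR.
# $1 stands in for the sudoers "editor" option.
pick_editor() {
    printf '%s\n' "${SUDO_EDITOR:-${VISUAL:-${EDITOR:-$1}}}"
}

# edit_via_temp TARGET [EDITOR [ARGS...]]
# Returns 0 if TARGET was updated, 1 if nothing changed (TARGET untouched),
# 2 on failure (the edited copy is kept and its path reported).
edit_via_temp() {
    target=$1
    shift
    # Editor strings may carry arguments, so split on whitespace on purpose.
    # shellcheck disable=SC2046
    [ "$#" -gt 0 ] || set -- $(pick_editor vi)

    # Step 1: temporary copy; mktemp creates it mode 0600 for the caller.
    tmp=$(mktemp "${TMPDIR:-/tmp}/$(basename "$target").XXXXXX") || return 2
    if [ -e "$target" ] && ! cat "$target" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    before=$(cksum < "$tmp")

    # Step 2: the editor is handed only the temporary path.
    if ! "$@" "$tmp"; then
        echo "editor failed; edited copy kept at $tmp" >&2
        return 2
    fi

    # Step 3: copy back only if the content changed.
    if [ "$(cksum < "$tmp")" = "$before" ]; then
        rm -f "$tmp"
        return 1
    fi
    if cat "$tmp" > "$target"; then
        rm -f "$tmp"
        return 0
    fi
    echo "could not update $target; edited copy kept at $tmp" >&2
    return 2
}
```

Return code 1 is the case the second answer highlights: the target is never opened for writing, so a program watching it sees nothing. Return code 2 mirrors the manual's note that the edited copy remains in a temporary file when the update fails.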



