Mike Sampson

Linux Systems Administrator




11 Nov 2009

sudo vim vs sudoedit

Normally when I need to edit a system file I use sudo vim <filename>. I was aware that there was a command called sudoedit that could be used to do the same task as in, sudoedit <filename>. I always assumed the later was just a convenient way to do the former however a post on the Vim mailing list prompted me to check out the documentation.

It turns out that the later command is much preferred from a security standpoint. sudo vim <filename> actually runs vim, and any scripts loaded, as root whereas sudoedit <filename> runs vim as your user. All editing is done on a temp file which is copied into position when editing is completed. This means that any bugs in vim, or loaded scripts, don't execute as root, limiting the damage they can do.

From now on I am going to try to break the habit of using sudo vim <filename>.

Copyright © 2018 - Mike Sampson - Powered by & Skeleton