‘sudoedit’ suddenly not working?

12 May

After updating sudo to a newer version, you may get odd error messages when editing files with sudoedit, even though you have not changed anything in the system configuration and are sure that your user has the rights needed for what you are trying to do.

‘sudoedit’ not following symlinks?

The first possible error message is that sudoedit is unable to follow symlinks for some reason. The exact format looks something like this:

sudoedit: $1: editing symbolic links is not permitted
(where $1 denotes the file you are trying to edit along with the path you used to reach it)

Solution

The solution is simple: enable the sudoedit_follow parameter in your /etc/sudoers file. It’s a boolean flag, so add sudoedit_follow to a new Defaults line, or append it to an existing one, separated by a comma from the other entries. You would normally do this through visudo rather than by opening the file directly in your favourite editor, unless you have a (very) good reason to do so.

The reason is given in the sudo man page entry for this parameter:

By default, sudoedit will not follow symbolic links when opening files. The sudoedit_follow option can be enabled to allow sudoedit to open symbolic links. It may be overridden on a per-command basis by the FOLLOW and NOFOLLOW tags. This flag is off by default.
This setting is only supported by version 1.8.15 or higher.

‘sudoedit’ not working in writeable folders?

The second error message I have encountered so far is that sudoedit is unable to edit files that are located in writeable folders for some reason. The exact format looks similar to this:

sudoedit: $1: editing files in a writable directory is not permitted
(where $1 denotes the file you are trying to edit along with the path you used to reach it)

Solution

The solution is simple (again): disable the sudoedit_checkdir parameter in your /etc/sudoers file. It’s a boolean flag, so add !sudoedit_checkdir to a new Defaults line, or append it to an existing one, separated by a comma from the other entries. You would normally do this through visudo rather than by opening the file directly in your favourite editor, unless you have a (very) good reason to do so.

The reason is (also) given in the sudo man page entry for this parameter:

If set, sudoedit will refuse to edit files located in a directory that is writable by the invoking user unless it is run by root. On many systems, this option requires that the parent directory of the file to be edited be readable by the target user. This flag is off by default.

Notice that according to the manual, this particular flag should be unset by default, but I have also encountered a few GNU/Linux systems where this was apparently overridden somewhere – either by the distribution itself or by a previous system administrator for some reason – and I had to manually change that (back) to the desired state.
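
To see which of the two refusals applies to a given path before changing anything in sudoers, the checks can be approximated from the shell. This is an added example, not part of the original post or of sudo itself; the function names are hypothetical, and testing every parent directory is an assumption that is at least as strict as the man page text quoted above.

```sh
#!/bin/sh
# Added example: approximates the two sudoedit refusals described above.
# Run it as the invoking user, not through sudo. Function names are hypothetical.

# Print the first directory above $1 that the current user can write to.
# Assumption: every parent component is tested, which is at least as strict
# as the man page text quoted above (the directory containing the file).
# Returns 0 if one is found, 1 if none is, 2 if the directory does not exist.
first_writable_parent() {
    dir=$(cd "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 2
    while :; do
        if [ -w "$dir" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        if [ "$dir" = / ]; then return 1; fi
        dir=$(dirname -- "$dir")
    done
}

# Print one of: symlink, writable-dir:<dir>, ok, no-such-dir.
sudoedit_diag() {
    if [ -L "$1" ]; then
        echo symlink            # refused unless sudoedit_follow is set
    elif [ "$(id -u)" -eq 0 ]; then
        echo ok                 # the quoted man page exempts root from the directory check
    elif w=$(first_writable_parent "$1"); then
        echo "writable-dir:$w"  # refused while sudoedit_checkdir is set
    elif [ "$?" -eq 1 ]; then
        echo ok
    else
        echo no-such-dir
    fi
}

# Stand-alone use: sh script.sh /path/to/file ...
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(sudoedit_diag "$p")"
done
```

A "writable-dir" result names the directory whose permissions could be tightened instead of turning sudoedit_checkdir off for the whole system.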
