Careful with sudo – giving access to vi/vim via sudo could allow someone to wreak havoc

sudo can be used to give certain users access to commands that require root. This is handy when you’ve got lots of users that need to administer the system or software that resides within it. This also means you don’t have to distribute the . An example would be to allow a user to edit certain configuration files in a directory that’s owned by root, and which changing the permissions could be troublesome or yield unknown consequences.

If you’re an admin and you’re doing things in this way, be careful who you give `sudo vi` permissions to. Allowing someone to access vi through sudo means they can execute anything as root. Vi (or Vim) has the ability to run commands on the OS by just issuing `:! somecommand` within the editor. Therefore, doing a sudo vi means you can `rm -rf`, chgrp or chmod (and everything else), and not have any issues whatsoever.

access a command as root via vim

This entry was written by atc and posted on January 7, 2009 at 14:44 and filed under Linux, Quick post, Technology. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

3 Comments

Ovidiu Curcan

Posted January 7, 2009 at 14:55 | Permalink

:sh
atc

Posted January 7, 2009 at 15:30 | Permalink

Yeah, I thought that’d be obvious Ovidiu.
rvg

Posted January 9, 2009 at 19:36 | Permalink

“The same is true for commands that offer shell escapes (including most editors). Because of this, care must be taken when giving users access to commands via sudo to verify that the command does not inadvertently give the user an effective root shell. For more information, please see the PREVENTING SHELL ESCAPES section in sudoers(5).”

just a little man-page reading :)

atc