How to edit files in GUI text editors as root?

command-line root sudo text-editor editing

This time and another I need to edit some files that are supposed to be edited by root only.

I would very much prefer to do it in a GUI text editor rather than using command line tools like nano or vi. Yes, it is perfectly possible to do editing using either one of them or the likes, I am merely dissatisfied with this option, because it is inconvenient when compared to working with kate or gedit (personal opinion; it is totally fine if you have the opposite, but I stick to mine).

That being said, I would not like to completely compromise security with a nuclear option xhost si:localuser:root. Is there any middle ground solution (like sudo that, unfortunately, have intentionally been crippled when it comes to running GUI stuff)?


Solution 1:

1. The admin:// URI

In Ubuntu, the official way to edit system files as root with a graphical editor is to use the admin:// URI. For example, to edit /etc/fstab, issue the following command in the run dialog you obtain after pressing Alt+F2 or on the terminal:

gedit admin:///etc/fstab

In older Ubuntu versions (prior to 20.10), the very first time you do this, you need to supply your user password two times in a row. This has been fixed in 20.10.

Of course, your user needs to belong to the root group in order to edit system files.

2. Using sudoedit

An approach valid for any desktop environment with any editor would be to use sudoedit. Setup the SUDO_EDITOR environment variable to point to the binary of your graphical editor, for example: export SUDO_EDITOR="/usr/bin/gedit". Then, you can use the command sudoedit <file> or sudo -e <file> to open a system file in your graphical editor. Much the way the admin:// URI does, this will create a temporary copy, which you edit as a normal user. Once the editor is closed, the modified temporary copy is copied back over the system file.

This can actually be combined in a single command:

env SUDO_EDITOR="/usr/bin/gedit" sudoedit <file>

Thus, the environment is changed only when you explicitly want to use the graphical editor. You create an alias or create a small script to edit system text files in a graphical editor with a single command.

3. Discouraged: using pkexec

These two options do not at any time run your graphical editor as root, which is preferred. Still, it is possible to run a graphical editor as root using pkexec. You can install a PolicyKit file, but you also may run it with some environment variables. For nautilus users, the package nautilus-admin installs a PolicyKit file for gedit and provides a right-click menu option in nautilus to launch a text file in gedit with root permissions. However, these options, where a graphical application is run as root are, according to man pkexec, discouraged:

As a result, pkexec will not allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.

Related

Ubuntu 20.04 fails to write on Hard Disk and freezes, shows "I/O error"
Ubuntu from flash drive
How to stop Ubuntu loading/booting up?
Ubuntu adding path/Environment variables
Cannot login after upgrading from 16.04 to 18.04
Why is resume from hibernate not working?
12.04: LightDM freezes while "Logging in..." - maybe due to deactivated login sound [closed]
First Admin account not showing on login page
Manipulate incoming HTML data
Why does hdiutil fail on symlinks when creaing an image of a Time Machine backup?
iCloud Services (iMessages/FaceTime/Continuity) Very Broken on my Mac
How to disable Wi-Fi and bluetooth using Apple Configurator?