9

I read this answer explaining that "sometimes" root can own something at /home/$USER directory.

Can anyone give an example how to prove it. Just give a test case when something really bad happens, when I run

sudo gedit /etc/rc.local

edit file and save.

I got many downvotes trying to help OP out and comments flooded in saying that it is a crime to run gedit with sudo.

Can anyone give a real example?

I clearly explained why this question is not a duplicate. There is no answer specific to gedit to the linked question.

And it is important to explain why widely used sudo gedit is bad, or not really, etc.

Eliah Kagan
Pilot6
  • 2
    Always used it with sudo, never got a problem. Good question. –  Jun 05 '15 at 21:26
  • They have no idea what they write about. One reads something somewhere and writes a "good" answer. Then they bring that answer as proof, etc. – Pilot6 Jun 05 '15 at 21:28
  • I agree, most of the time people write sentences without really knowing what they are talking about. Perhaps there's a good explanation. –  Jun 05 '15 at 21:30
  • I really know when what and where gedit writes. I added patches to it.))) Just do not change gedit configs with sudo and that's it. – Pilot6 Jun 05 '15 at 21:35
  • It's very simply that bits of the home directory etc. can become owned by root, which is a pain in the neck (I think a few other Linux systems have measures in place to stop this happening, but with Ubuntu it seems to have been decreed that you have to use gksudo or whatever....). I just use nano, which runs within the terminal :) – Wilf Jun 05 '15 at 21:57
  • 1
    @Wilf, nano likes to write ~/.nano_history which if you run it with sudo causes the file to be owned by root, so when you run nano without sudo it complains that it can't access the file. A simple sudo chown fixes it. – psusi Jun 05 '15 at 22:06
  • Lol, never had an issue to complain of (nano doesn't crash or anything), though I have had stuff-owned-by-root at least twice in gedit (on Ubuntu). – Wilf Jun 05 '15 at 22:11
  • Nice question. I've done a little testing - it's not conclusive but it suggests that sudo -H is useful. See my answer. – Tim Jun 05 '15 at 22:13
  • What testing have you done? With Firefox? This is another case. Firefox writes a lot to hidden directories. I do not recommend to use a browser with sudo. It is not safe and really can spoil things in configs, cache and cookies. – Pilot6 Jun 05 '15 at 22:15
  • Who flagged as "opinion based"? It is a good question for a real test case. What opinions are you talking about? – Pilot6 Jun 05 '15 at 22:21
  • oh, just to add, I don't have ~/.nano_history on any of my linux boxes that are on (including ubuntu server) – Wilf Jun 05 '15 at 22:21
  • 1
    As far as rc.local goes, that's a run level script, it should be owned by root hence sudo has no effect on it. Try it with ~/.bashrc. I don't think shell will accept that file if it's owned by root and should regress to default settings. But that's just a suggestion. I'll be back tomorrow, see how this question does – Sergiy Kolodyazhnyy Jun 05 '15 at 22:22
  • What is the point of opening a user file with sudo? You will spoil permissions opening it any editor this way. Even vi. – Pilot6 Jun 05 '15 at 22:25
  • 1
    For most editors it is not the opening, it's pressing SAVE. Most editors also save settings somewhere, so if you/it modify settings it will update them. – Wilf Jun 05 '15 at 22:31
  • I meant that. If you just open nothing happens at all. That's obvious. – Pilot6 Jun 05 '15 at 22:32
  • 2
    For what it's worth, I just edit it in-place to use -H when I see it. – muru Jun 06 '15 at 00:07
  • I'm working on an OSS Backup project which creates crontab jobs for the user. We had some problems where people run the GUI with sudo. Config was written into /home/user but the cronjob for root was searching in /root. So I always suggest to run with gksudo (or by now with pkexec) and added a warning if running with sudo. – Germar Jun 06 '15 at 00:53
  • 1
    See also: http://askubuntu.com/a/11766/178596 – Wilf Jun 08 '15 at 20:29
  • 1
    I recommend we reopen this. I wrote the post @Pilot6 questions here and I think this is a good question. I used sudo -H gedit to show a safe variant but didn't give a readily verifiable example, gedit-based or otherwise, as I saw it as beyond the scope of that question. So long as this and that are separate, surely this isn't a dupe. (The delete votes here go against the official guidance, but that's not why I'm voting to reopen.) – Eliah Kagan Sep 11 '17 at 17:48

2 Answers

12

Well maybe it's a fantasy, but there are a number of people saying the same thing:

  • Why should I use gksudo for Gtk apps instead of sudo?

    There are other times, though, when side effects can be as mild as Firefox extensions not sticking or as extreme as not being able to log in any more because the permissions on your .ICEauthority changed.

  • Why should users never use normal sudo to start graphical applications?

    Suppose you're running gedit (a graphical text editor) as root. If you run sudo gedit, HOME will continue to point toward your home directory, even though the program is running as root. Consequently, gedit will write configuration files as root into your home directory. This will sometimes result in the configuration files being owned by root and thus inaccessible to you (when you later run the program as yourself and not as root).

  • How to run a GUI program as a different user (Debian)?

    First off, don't use sudo or su to change users to run a graphical process, or you're liable to have problems down the line (~/.ICEauthority changing owner is a notable issue). Instead, create a shortcut that uses the following command:

  • Running Sudo Graphically

    Well, to be perfectly honest, most of the time it isn't. For a lot of applications, you can run them the improper way—using sudo for graphical applications and see no adverse side effects.

    ...

    These errors occur because sometimes when sudo launches an application, it launches with root privileges but uses the user's configuration file.

    This mail archive may also be of interest to you.

So, let's test it.

2 brand new virtual boxes. Ubuntu 14.04. Never run firefox on them. What will happen when I run the command sudo firefox?

tim@Hairy14CVB:~$ sudo firefox    
(process:4857): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed

...

shutdownObserver@XPIProvider.jsm:2192:13

This is the same (or at least very similar) for both virtual boxes. While firefox was running, I installed a youtube extension - a featured one. Then I closed firefox, and checked the output.

tim@Hairy14CVB:~$ ls -la .ICEauthority 
-rw------- 1 tim tim 1336 Jun  4 21:31 .ICEauthority

Well, .ICEauthority is fine! However...

tim@Hairy14CVB:~$ ls -la | grep root
drwxr-xr-x  3 root root 4096 Jun  1 20:49 ..
drwx------  3 root root 4096 Jun  5 22:41 .dbus
drwx------  4 root root 4096 Jun  5 22:41 .mozilla

3 things in my home folder (/home/tim/) are owned by root (.., .dbus and .mozilla). This is the same (or at least very similar) for both virtual boxes.

So, does this matter? I wasn't sure, so I ran firefox, like this:

tim@Hairy14CVB:~$ firefox

(process:4959): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Error: Access was denied while trying to open files in your profile directory.

And this ugly error:

[screenshot of the error]

For the full terminal output (including firefox babble), see these two pastebins, here and here.

I can still run firefox as root by the way. But now more files have been changed:

tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  4 root root  4096 Jun  3 19:46 ..
drwx------  3 root root  4096 Jun  5 22:55 .adobe
drwx------  3 root root  4096 Jun  5 22:40 .dbus
drwx------  3 root root  4096 Jun  5 22:55 .macromedia
drwx------  4 root root  4096 Jun  5 22:40 .mozilla

Was this because I uploaded an image to imgur.com? Not sure.

How did I fix this? chown. I don't understand it, but the internet said to do it, and it's a Virtual Box so yolo.

sudo chown -R tim:tim /home/tim/

And that fixed it. Now the output is just the .. file:

tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  4 root root  4096 Jun  3 19:46 ..

And that's the same on my actual computer. Oh, and on my Kubuntu virtualbox:

tim@Hairy14VB:~$ ls -la | grep root
drwxr-xr-x  3 root root  4096 May 16 14:10 ..

Which I've never even run a sudo command on. So all is well. Just don't run sudo on a GUI application.

Final test: run it with the -H and the -i flags:

sudo -H firefox

and

sudo -i firefox

And good news! Still, the only root "thing" is "..". And I can run firefox without root.


OP wants me to talk about Gedit.

I ran

sudo gedit

Then installed some random plugins. This was the output:

tim@Hairy14VB:~$ ls -la | grep root
ls: cannot access .gvfs: Permission denied
drwxr-xr-x  4 root root   4096 Jun  3 19:46 ..

Note that I can't even view the ownership of .gvfs so I did this:

tim@Hairy14VB:~$ sudo ls -la | grep root
drwxr-xr-x  4 root root   4096 Jun  3 19:46 ..
dr-x------  2 root root      0 Jun  6 10:05 .gvfs

So running sudo gedit does change a file in my home directory to root.

I can still open gedit, but this time I get some garbage out:

(gedit:7422): Gtk-WARNING **: Attempting to read the recently used resources file at `/home/tim/.local/share/recently-used.xbel', but the parser failed: Failed to open file '/home/tim/.local/share/recently-used.xbel': Permission denied.

And that suggests there is another file (~/.local/share/recently-used.xbel) that's been changed. I think this is the Recently used list of files and (lucky guess) I now no longer have my list of recently used files:

There should be a file there called output2.txt.save2.

Tim
  • 1
    You wrote everything but the answer to the question. Just give a test case with gedit. Should I flag as "not an answer"? Or "very bad quality" though long ?))) – Pilot6 Jun 05 '15 at 22:14
  • 5
    @Pilot6 - in the question Can anyone give an example how to prove it ..... Can anyone give a real example? - and this links to past stuff and gives a example of what can happen with firefox as root - Should I flag your comment 'not constructive' as I can't find 'weirdly grumpy'? be nice cmon :) – Wilf Jun 05 '15 at 22:22
  • I know what can happen to firefox, but it is off topic to this question. And my knowledge is coming not from reading other posts of same quality. – Pilot6 Jun 05 '15 at 22:23
  • @Pilot6 you need to specify that is more about gedit more in your question then.... nevermind. - by the way I think .. should be owned by root as that probably is /home. Tim you could make the OP happier if you referred to gedit :D – Wilf Jun 05 '15 at 22:26
  • @Wilf You mean to specify that it is not /home, but /home/$USER ? – Pilot6 Jun 05 '15 at 22:29
  • If it is run in ~ (which is /home/$USER (or $HOME)), . = /home/$USER (current directory), .. = /home (parent dir). Try running cd .. ; echo $PWD a few times - other example stuff here – Wilf Jun 05 '15 at 22:37
  • 1
    Oh please don't use ls -la|grep root but either find . -uid 0 or find . -user root – solsTiCe Jun 05 '15 at 23:09
  • 1
    @Pilot6 okay, I've edited to include some stuff about gedit. I don't think it adds anything to my answer, but you seem to want it so... – Tim Jun 06 '15 at 09:47
  • 1
    @Tim chown changes the owner of files. tim:staff changes the owner to tim and the group to staff. I'm going to bet you don't have a group named staff on your machine ;) Really good answer though. And God forbid that somehow your .xauthority or another important config file somehow become owned by root. – Seth Jun 09 '15 at 00:54
  • 4
    Both the citations and the detailed examples make this super-useful! I'm glad you added Gedit but I agree with @Wilf that it was good even before. It is not merely Gedit examples that I (deliberately) didn't include there. If people want, I can add a short note there about the "sometimes," but I really think this question is separate and I've voted to reopen. If we reopen this, I'll try and add another answer with more details about Gedit, but this will still be the most useful answer for most people. – Eliah Kagan Sep 11 '17 at 18:05
10

As far as sudo gedit, nothing dire, just poor practice, especially as of late. How much harder would it be to suggest sudo -H gedit?

-H, --set-home Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior.

What does happen?

You get a couple of root-owned files in your home folder. One (recently-used.xbel) will likely return to user ownership. This can happen when a file is deleted and re-created. To see what sudo gedit has changed, run find ~ -user root -group root and see what is returned. By default, this should be nothing.

With that command, you may see a couple files owned by root. One would be a new .file, .gvfs, and sooner or later a root-owned ~/.cache/dconf and the aforementioned recently-used.xbel.

So no 'the sky is falling' stuff, but still. Now there have been reports that continued use causes other issues but not going to claim what I don't see here.

Also note that as of 13.10 a sudo gedit will use the user's gedit config rather than root's gedit config. Again just bad practice so why continue to do so or suggest others do so?

Pablo Bianchi
doug
  • 1
    Sometimes I now also take the opportunity to show users how to use nano as it's easy & most times can supplant gedit. There are some cases though where gedit is still better than nano even for those that know how to use. Also sudo gedit can lead to sudo nautilus which probably is worse.. (Here I have a pkexec enabled gedit but that's beyond the scope of this discussion) – doug Jun 05 '15 at 23:48
  • @wjandrea, sounds good, edited – doug Sep 11 '17 at 23:44
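
The two conditions both answers describe, as an added example that is not part of either answer: a root process whose HOME still points at the invoking user's directory (the `sudo gedit` case that `sudo -H gedit` avoids), and the foreign-owned entries this leaves in a home directory. The function names, the script name audit.sh and the uid 1000 in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect the `sudo gedit` condition and
# list the foreign-owned leftovers it produces in a home directory.

# passwd_home UID [PASSWD_FILE]
# Home directory field for UID in a passwd-format file. This is the value
# that `sudo -H` asks the policy to put in HOME for the target user.
passwd_home() {
    awk -F: -v uid="$1" '$3 == uid { print $6; exit }' "${2:-/etc/passwd}"
}

# home_mismatch UID HOME_VALUE [PASSWD_FILE]
# Succeeds when a process running as UID has HOME set to something other than
# that user's own home, so dotfiles it writes land in someone else's directory.
# An unknown UID is reported as "no mismatch".
home_mismatch() {
    want=$(passwd_home "$1" "${3:-/etc/passwd}")
    [ -n "$want" ] && [ "$want" != "$2" ]
}

# foreign_roots DIR OWNER
# Top-most paths under DIR that are not owned by OWNER (name or numeric uid).
# -xdev stays on DIR's filesystem, so a mount point under DIR (gvfs has used
# ~/.gvfs as a FUSE mount point) is not descended into. -prune stops below a
# foreign-owned directory: one `chown -R` on it covers everything inside.
foreign_roots() {
    find "$1" -xdev ! -user "$2" -print -prune
}

# Stand-alone use: sh audit.sh DIR OWNER   (e.g. sh audit.sh /home/tim 1000)
if [ "$#" -eq 2 ]; then
    if home_mismatch "$(id -u)" "$HOME"; then
        echo "warning: HOME=$HOME is not the home of uid $(id -u); use sudo -H" >&2
    fi
    foreign_roots "$1" "$2"
fi
```

Unlike `ls -la | grep root`, this does not report `..` and recurses below the top level, which is where ~/.cache/dconf and ~/.local/share/recently-used.xbel live.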