I can't edit /etc/default/grub
I'm trying to update my grub boot order back to booting the first option instead of the second, so I run sudo nano /etc/default/grub
, but it brings up this, which is not the file I want to edit.
I'm on fedora 38
I'm trying to update my grub boot order back to booting the first option instead of the second, so I run sudo nano /etc/default/grub
, but it brings up this, which is not the file I want to edit.
I'm on fedora 38
so I run
sudo nano /etc/default/grub
For improved security during file edits that require root access, it's highly advised to use sudoedit
(or sudo -e
). This method is considered the standard practice to avoid the security pitfalls associated with directly invoking editors with sudo
. To ensure the use of nano
with sudoedit
, simply set the VISUAL
environment variable with export VISUAL=nano
before running sudoedit
. Alternatively, for a one-off command: VISUAL=nano sudoedit /path/to/file
.
Please note that while sudoedit
is a safer starting point, it's not the only method available. Alternatives such as doas
, doasedit
, or leveraging polkit
with pkexec
can offer even more controlled and secure ways to manage file editing with elevated privileges. However, it's perfectly acceptable to stick with sudoedit
, as it's a commonly trusted tool.
Be aware that direct usage of sudo nano
or other editors is strongly discouraged. It bypasses important security mechanisms and can lead to inadvertent system-wide risks.
EDIT: changed VISUAL=nano sudoedit
to VISUAL=nano sudoedit /path/to/file
.
I agree with the general sentiment. Thank you for mentioning that!
Though, the use of sudo nano
might still pose a risk if any software found on the system is either vulnerable/exploitable, not trusted, or simply exploitative. In that case, like what's achieved through sandboxing i.e. not allow the software to go beyond their intended scope, it makes sense to put a limit on the capabilities of the software. And to that effect, the use of sudoedit
still offers merit over sudo nano
.
Though, if the user doesn't (already) rely on bubblejail, firejail, Flatpak etc for what they offer in sandboxing. And/or if said user simply doesn't care for the principle of least privilege, then the use of sudo nano
is perfectly valid.
Never heard of sudoedit. I want to experiment with a system where I alias sudo=pkexec
, VanillaOS does that