I’m searching for new user escalation setups, out of curiosity / for learning’s sake.
What I found (as far as I know) is that for editing root files (in my case I only want to edit /etc/nixos/* files as root), only sudo seems to have the capability of running a root shell for the editor.
I was thinking about the following setups for my configuration edit script (using sudo-rs as default sudo for all of them):
1. edit a specific configuration file in a temporary folder in my home directory, use run0 to redirect said file to /etc/nixos, delete the temporary folder
2. use sudo for sudoedit, sudo-rs for everything else (I’d have to search how to do it declaratively)
I wanted to ask if you can recommend a different setup and if there are other important user escalation commands that I should be aware of.
This may not be within the bounds of what you wanted an answer about, but it’s worth considering if /etc/nixos really needs to be owned by root at all. I know many nixos users, myself included, edit their configurations under their normal user permissions, and only escalate for activation.
That was my first bullet point, sorry if I misexplained it. If it’s the common choice, I’ll modify my script to do it. Is it generally a bad practice to edit files as the root user, as it would escalate privileges for an undefined (potentially long) time? Thank you.
The other part of the question is whether there are safer alternatives for escalating privileges to move the files to /etc/nixos (other than using sudo), or whether just sticking to sudo is good enough / something one shouldn’t worry about in practice.
I’m literally suggesting running sudo chown -R $(whoami) /etc/nixos and leaving it that way. Your bullet point 1 seemed to describe a more complex temporary file setup.
This opens up the possibility of a sneaky edit to your config going unnoticed until your next nixos-rebuild, but only at the time of a nixos-rebuild is there an actual opportunity to accomplish anything. The files are inert at all other times, unlike most files in /etc. On most desktop systems, in practice, the game’s already mostly over if an attacker gets access as your user, so it’s not unreasonable to choose the simplicity of the user owning the config over the bit of additional security gained by leaving it owned by root.
Running your editor as the root user is both an unnecessarily large attack surface, and potentially a source of problems with the editor’s configuration. As with everything in security, though, it depends on your threat model.
Sudo has the advantage of being the most commonly used privilege escalation tool, and thus probably the most heavily scrutinized. It is more complex than a tool in its role perhaps should be, but realistically, that’s not a security distinction that’s relevant to almost anyone in actual usage. Overall, I wouldn’t spend much time fretting over which escalation tool you use, and instead spend that time on what you run as root and whether you really need to.
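An added example (my own script, not code posted by anyone in this thread) of the workflow the reply describes: the config tree is handed to the normal user once, editing stays unprivileged, and privileges are taken only for the rebuild. Before escalating, it checks that ownership and modes have not drifted and lists every file that changed since the last activation, so a sneaky edit to the inert files is noticed before nixos-rebuild makes it live. The CONFIG_DIR and MANIFEST locations and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. One-time setup assumed to have been done
# already:   sudo chown -R "$(id -un)" /etc/nixos
# Editing then needs no privileges; only `activate` escalates.

CONFIG_DIR=${CONFIG_DIR:-/etc/nixos}
# Assumed location for the hash manifest written after each activation.
MANIFEST=${MANIFEST:-$HOME/.cache/nixos-config.sha256}

# check_tree DIR UID: succeed only if every entry under DIR is owned by UID and
# is neither group- nor world-writable. Offenders are listed on stderr.
check_tree() {
    offenders=$(find "$1" \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$offenders" ] || {
        printf 'unexpected owner/mode in %s:\n%s\n' "$1" "$offenders" >&2
        return 1
    }
}

# hash_tree DIR: one sha256 line per regular file, in a stable order.
hash_tree() {
    (cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum)
}

# snapshot DIR MANIFEST: record the tree as it was at activation time.
snapshot() {
    mkdir -p "$(dirname "$2")"
    hash_tree "$1" > "$2"
}

# changed_files DIR MANIFEST: print new, removed or modified files as a diff
# against the manifest; returns 0 if nothing changed, 1 otherwise.
changed_files() {
    [ -f "$2" ] || { echo "no manifest at $2; run snapshot first" >&2; return 1; }
    hash_tree "$1" | diff "$2" -
}

# activate: refuse to escalate on ownership/mode drift, show what changed so the
# user can confirm every edit is their own, then rebuild (run0 would do equally).
activate() {
    check_tree "$CONFIG_DIR" "$(id -u)" || return 1
    if changed_files "$CONFIG_DIR" "$MANIFEST"; then
        echo "nothing changed since the last activation" >&2
    fi
    sudo nixos-rebuild switch && snapshot "$CONFIG_DIR" "$MANIFEST"
}

case "${1:-}" in activate) activate ;; esac
```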