#357 Privilege escalation for editing files

open
nobody
None
5
2010-05-04
2010-05-04
Victor Engmark
No

When opening a file that is not writable by the current user, jEdit should check whether the user wants to open the file read-only or as superuser / another user. Here's an imagined workflow:
1. According to the principle of least privilege, start by notifying the user that the file cannot be modified with the current privileges. Ask if the user wants to open read-only or read-write (and maybe a check box to use the same option for all other files opened at the same time).
2. If the user selected read-write, display the users/groups which have write access and user/password boxes. If the user is also a member of sudoers, there could be a check box to use sudo which would gray out the user box and focus the password.

Discussion

  • Hi, I'm not sure it is possible to do that with java.
    What would happens on Windows ?
    Do any software do that ?

     
  • Victor Engmark
    Victor Engmark
    2010-05-04

    It would have to be adopted to the individual platforms, but certainly it should be possible in Java. There should be cross-platform libraries at least to get the privileges assigned to a file. Emacs does this <http://stackoverflow.com/questions/95631/open-a-file-with-su-sudo-inside-emacs>, and Vim at least allows you to save via sudo <http://www.commandlinefu.com/commands/view/1204/save-a-file-you-edited-in-vim-without-the-needed-permissions>. Nautilus and Explorer both have options to run as superuser, so it should be possible to find the code that does just the access right reading.