HowTo: Save A File In Vim / Vi Without Root Permission

by on March 30, 2010 · 41 comments· LAST UPDATED March 31, 2010

in , ,

This happens lot of times. I login as a normal user and start to edit httpd.conf or lighttpd.conf or named.conf in vim / vi text editor. However, I'm not able to save changes due to permission issue (all config files are owned by root). How do I save file without creating a temporary file (/tmp/httpd.conf) and then move the same (mv /tmp/httpd.conf /etc/httpd) as root using vim / vi itself?

You can use the combination of tee and sudo command (assuming that sudo is configured for your account) to save a file without creating a third file in /tmp. In this example, you will edit a file called /etc/apache2/conf.d/mediawiki.conf as a normal user:

$ vi /etc/apache2/conf.d/mediawiki.conf

Make some changes and try to save by pressing :w, enter:

Fig.01: Vim Cannot Open File (Permission Problem)

Fig.01: Vim Cannot Open File (Permission Problem)

To save a file, simply type the following command:

:w !sudo tee %

Fig.02: Save a file using sudo and tee

Fig.02: Save a file using sudo and tee


Where,

  • :w - Write a file.
  • !sudo - Call shell sudo command.
  • tee - The output of write (vim :w) command redirected using tee. The % is nothing but current file name i.e. /etc/apache2/conf.d/mediawiki.conf. In other words tee command is run as root and it takes standard input and write it to a file represented by %. However, this will prompt to reload file again (hit L to load changes in vim itself):
Fig.03: Save and Load File In Vim Again Without Login As Root

Fig.03: Save and Load File In Vim Again Without Login As Root

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 41 comments… read them below or add one }

1 James March 30, 2010 at 9:09 pm

:w !sudo %
does not work for me.

Reply

2 Sebastian Kusnier March 30, 2010 at 9:46 pm

“To save a file, simply type the following command:
:w !sudo %”

you forget tee in command

Reply

3 Steve March 30, 2010 at 10:30 pm

Wow, I can’t believe I never thought of that before.

I added this to my .vimrc that I sync on every machine I administrate based on what you wrote:

if has(“unix”)
command -nargs=? Swrite :w !sudo tee %
endif

Reply

4 gregf March 31, 2010 at 3:34 am

I have a :SudoW command in my vimrc that does exactly this. I got it from some one else’s blog at some point and can’t seem to find out where, at this point. Here is the snippet though.

command! -bar -nargs=0 SudoW :silent exe “write !sudo tee % >/dev/null” | silent edit!

Reply

5 nixCraft March 31, 2010 at 6:34 am

@Sebastian

Thanks for the head up! tee included in screen shot but somehow I forgot in command line.

Reply

6 nixCraft March 31, 2010 at 10:17 am

@James.

Use :w !sudo tee %. It was a typo on my part.

HTH

Reply

7 Manoj March 31, 2010 at 10:30 am

not working for me

:w !sudo tee%
!sudo teea
[No Valid Runas is Matched]
Sorry, user xxxxx is not allowed to execute ‘teea’ as anyone on newss1.
sudo: teea:command could not found.
Check the path or specify path plus command.
[Hit return to continue]
:q
No write since last change (:quit! overrides)
[Hit return to continue]

Tried with space as well after tee command

Regards,
Manoj

Reply

8 Philippe Petrinko March 31, 2010 at 10:31 am

Nice tip, thanks Vivek.

Reply

9 Jackson John March 31, 2010 at 10:35 am

Loved the Tip !!!!

Reply

10 nixCraft March 31, 2010 at 10:35 am

@Manoj,

Put a white space between tee and %
:w !sudo tee %
You must configure sudo. You use sudo for admin task, don’t you?, A typical /etc/sudoers for admin users:

%admin ALL=(ALL) ALL

And add your self to admin group (use usermod).

Reply

11 Daniel Reimann March 31, 2010 at 10:36 am

This is very useful, thank you for posting it.

Reply

12 justadreamer March 31, 2010 at 10:38 am

@Manoj
seems you are missing a space between tee and % in your command line

Reply

13 Manoj March 31, 2010 at 10:42 am

both the way i tried, seems sudo is not configured.

I dont have sudo/root permissions, what should i do?

Reply

14 Vinod Dham March 31, 2010 at 10:48 am

Vivek,

Love it. Thanks for sharing it.

BTW, I tried to reach earlier and your site was down for like hour or two.

Reply

15 Vinod Dham March 31, 2010 at 10:50 am

@Manoj,

Only root user suppose to access and edit files in /etc. This is not a hacking or creaking attempt.

Reply

16 nixCraft March 31, 2010 at 10:53 am

@Vinod,

Our apologies for the temporary inconvenience. There was some sort of network issue. Let me know if you’ve any more problems.

Reply

17 Nic0 March 31, 2010 at 11:42 am

This is an awesome trick, but I don’t get why the password is not asked ?

This mean whoever get my user access can changes files on /etc/ without knowledge of the sudo password ?

Reply

18 nixCraft March 31, 2010 at 12:21 pm

@Nic0,

You must have used sudo earlier. It remembers the password for some time (see sudo man page for more info). Another possibility is – you may have configured sudo without the password.

Reply

19 Nic0 March 31, 2010 at 12:43 pm

@Vivek Gite, My mistake, I did probably used sudo before. (and entry the password)
I tried again, and it ask for the password this time. Sorry.

Thanks for the tips anyway.

Reply

20 linuxnetzer March 31, 2010 at 12:53 pm

that one bugged me long enough. Cheers!

Reply

21 kizzx2 March 31, 2010 at 5:28 pm

This is very useful! Thanks!

Reply

22 Philippe Petrinko April 1, 2010 at 8:56 pm

Nice – but – sudo on my PC is configured to ask my password for every sudo call.
But then this tip fails, because I can see sudo requesting my password, waiting one second, then, as if I entered a wrong passwd, it fails, until three times, and I get rejected without beeing able to type my password in.
So, will this tip only work if sudo is configured not to ask password?
Did you test it?
If so, do you know why sudo is getting an entry? I do not type anything, but it seems to get some input through the [:w !sudo tee %] command.
Of course, I tried to type in my password – it failed.

Reply

23 nixCraft April 2, 2010 at 6:33 am

@Philippe,

Sudo is also configured here and I’ve no problem. What about passwd_timeout and timestamp_timeout?

Reply

24 Philippe Petrinko April 2, 2010 at 8:39 am

@Vivek,

No, that is not related to sudo parameters.
If found this: This tip works for [vi] or [vim],
but I have got this problem only with [gvim] – which is odd but true.

Reply

25 nixCraft April 4, 2010 at 8:22 am

@Philippe,

I see we are talking about GUI here. Have you tried out gui version of sudo gksudo instead of sudo? Try it on dummy file as gksudo some time provides real weird results when combined with shell utilizes (may be steams are not connected but dunno).

HTH

Reply

26 Philippe Petrinko April 4, 2010 at 8:37 am

@Vivek,
I just tried gksudo in place of sudo, it fails because :
– I enter :w ! gksudo tee %
– Then, I get a new line – no prompt – I try to enter my password, nothing happens,
I quit by , and then file is overwritten, but emptied by the procedure!
(also tried with gksudo -P)
So, in a way – it works ;-) file is wiped… :-/
That was a nice idea anyway!

Reply

27 Philippe Petrinko April 4, 2010 at 8:38 am

grrr Wordpress has eaten my words : I typed


I quit by , and then file is overwritten,

Reply

28 Philippe Petrinko April 4, 2010 at 8:40 am

Shooot !!! I ***** dislike Wordpress text entry !

Reply

29 nixCraft April 4, 2010 at 1:24 pm

@Philippe,

I’m out of ideas for gvim here and I guess it is related to GUI. Both stderr and stdout are terminal streams. And GUI version of gvim accept messages from user input devices (??), not from stdin so I guess you are getting empty file as a result. May be you need to patch gksudo to accept stderr or come with some sort of wrapper (we do this all the time with php-cgi and perl cgi fastcgi). Please update us if you find any other solution to your problem.

Reply

30 Bhaskar Chowdhury April 11, 2010 at 1:50 pm

Nice tip..but unfortunately it doesn’t work for me. I have followed discussion here and implemented the same thing …oh forget to tell that I am on Gentoo.
1)I have used sudo before run this command..(so that’s in history)
2)say I have open /etc/ntp.conf and once I passed the recommendation like this
:w !sudo tee %
it asked for password(that’s fine..if the time elapsed)

but says “Press enter to continue..”

@ Vivek

any idea??

Cheers!

Reply

31 nixCraft April 12, 2010 at 7:58 am

No idea, check /var/log/secure (RHEL / CentOS) or /var/log/auth.log (Debian and friends) logs details about sudo command and failed attempts. This may provide additional help. I’ve used this many times under Debian and RHEL based servers.

Reply

32 Daniel April 11, 2010 at 2:56 pm

This is neat. However, why not run Vi as root in the beginning? i.e.,

$ sudo vi /etc/fstab

Reply

33 Shane Kerns April 11, 2010 at 3:33 pm

How stupid can this post possibly get? If a username is already in sudo then he/she can just become root and edit a file.
If a username is configured only to do certain things like edit config files then there should be be no problem in editing that file to begin with, just use “sudo su”.

Reply

34 Daniel April 12, 2010 at 1:14 pm

Exactly, this is a good post because if you are vim’ing a file and have spent a lot of time and effort, and then realize you don’t have rights to :w the edits, then this is a perfect quick solution.

Reply

35 gregf April 11, 2010 at 11:57 pm

@Shane shouldn’t be calling anyone stupid when your typing sudo su. Try reading the sudo man page. The purpose of the post was to show you how to edit a file, you don’t have permissions to, without closing your editor and opening it again within sudo.

Reply

36 Christian April 21, 2010 at 11:05 am

There is also this Plugin SudoEdit.vim available, which provides the commands :SudoWrite and :SudoRead and uses TabCompletion for filenames. You can configure it to use sudo or su or even ssh.

http://www.vim.org/scripts/script.php?script_id=2709

Reply

37 nixCraft April 21, 2010 at 1:18 pm

Nice find :)

Reply

38 Anonymous June 22, 2010 at 9:22 am

this will work only the user is sudo user.

Reply

39 Anil Wable January 7, 2012 at 7:39 am

@ all,

i need to configure insult para in sudo file after given correct para it doesn’t work for me any ideas…?
para :- Defaults instults
:wq!

but same message shown after configure “Sorry, try again.”

Reply

40 Jakob February 20, 2012 at 2:17 pm

:w !sudo tee %

says:

:w !sudo tee %
Password:Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts

shell returned 1
Press ENTER or type command to continue

Reply

41 sa August 8, 2012 at 1:30 pm

how do we disable this option in linux since there are chances for the users to edit the files

Reply

Leave a Comment

Tagged as: , , , , , , , , , , ,

Previous Faq:

Next Faq: