Linux
Last updated
Last updated
Applications frequently store user-specific configuration files and subdirectories within a user's home directory, typically only writable by the user themselves or root.
.bash_profile is executed when logging in to the system initially. This happens when logging in to the machine itself, via a serial console or SSH.
.bashrc is executed when a new terminal window is opened from an existing login session or when a new shell instance is started from an existing login session.
We can modify .bash_profile or .bashrc to set environment variables or load scripts when a user initially logs in to a system. Can be useful when trying to maintain persistence, and escalate privileges... e.g. echo "touch /tmp/bashtest.txt" >> ~/.bashrc
VIM handles its configuration files differently for a user in a sudo context depending on the distribution of Linux.
Ubuntu and Red Hat, VIM will use the current user's .vimrc configuration file even in a sudo context. (if the user runs VIM via sudo, our script being sourced will also run as root)
In other distributions, such as Debian, in a sudo context, VIM will use the root user's VIM configuration. We can add an alias to the user's .bashrc file as below shows -
The alias replaces a standard sudo call with one that will force sudo to persist the user's VIM settings, so that the shell script being loaded will then also run as root when user runs VIM via sudo
If sudo -l shows NOPASSWD on vim command to open specific file, we can just run su vi the_file and use :shell directly to gain root shell without root password
Note that many administrators now require the use of sudoedit for modifying sensitive files. This process makes copies of the files for the user to edit and then uses sudo to overwrite the old files. It also prevents the editor itself from running as sudo. Having said this, it is also not uncommon to find that system administrators simply add VIM to the allowed commands in the sudoers file instead.
