How to save a file in vscode-remote SSH with a non-root user privileges
Vscode RemoteVscode Remote Problem Overview
I am not able to save any files on my remote server with VSCode Remote SSH because I am not a root user.
I've followed the official documentation about how to set up ssh with SSH config file but even if my user as sudo privileges, I can't find any options in VSCode to save with sudo.
here is my SSH config file /Users/geoff/.ssh/config:
Host gcpmain
User geoff
HostName <IP_ADDRESS>
IdentityFile ~/.ssh/gc_rsa
Obviously, when I try to save any files that require sudo I have this expected error message:
Failed to save 'default': Unable to write file (NoPermissions
(FileSystemError): Error: EACCES: permission denied, open
'/etc/nginx/sites-available/default')
Is there any way that I can force VSCode to save as sudo? Thanks a lot for your answers! :)
Vscode Remote Solutions
Solution 1 - Vscode Remote
I recommend this VSCode extension: Save as Root in Remote SSH
Install the extension on a window opened with Remote-SSH and use "Save as Root" in the command palette instead of Ctrl+S.
Basically, it reads the contents of the editor and calls the sudo command to overwrite the file.
Solution 2 - Vscode Remote
sudo chown -R myuser /path/to/folder
This worked fine for me!
Solution 3 - Vscode Remote
I have faced the same question when I tried to edit the nginx conf files on my VPS. There is an open issue at github: Elevate rights on SSH remote, addressing similar problems.
As a temporary solution you can use WinScp - add sudo /path/to/sftp-server to your connection settings and then you can save changes to most (if not any) file. WinScp use sudo on login.
Solution 4 - Vscode Remote
I also met the same issue when using vs code to ssh login CentOS with non-root account.
The true reason is: Your user account ("geoff" here) need to get the permission of the destination directory first.
sudo setfacl -R -m u:geoff:rwx /etc/nginx/sites-available/default
for you case.
More general usage:
sudo setfacl -R -m u:username:rwx /path/to/directory
This command will help you get the permission of the directory /path/to/directory, without influencing the permissions of any other user or group. Not recommend to use chown. This solution can be used on Mac/Linux.
When you finish running above command, you can edit and save in VS code. May it be helpful for you.
Solution 5 - Vscode Remote
Easiest solution for configuring files on a remote machine using a VSCode ssh (I use an Ubuntu EC2 instance with AWS) is to modify the file privileges while you work on the files using chmod.
By default, server config files (/etc/nginx/sites-available/default) are read-only (require sudo to write/save). There are open issues to allow VSCode SSH sudo access, however no good solution that I was able to find.
When you need to configure server files in dev, run this in your command-line SSH (non-VSCode) with sudo privileges:
sudo chmod a+rwx /etc/nginx/sites-enabled/default
(or whatever your path to server config file is).
You can then ssh with VSCode and save the edited file freely.
If you don't like working in vim through the command line and want to use VSCode to edit server config files, this might be the quickest solution. Don't forget to switch file permissions back to read-only when you're done:
sudo chmod -R 0444 /etc/nginx/sites-available/default
Solution 6 - Vscode Remote
Not quite answering your question, but a workaround nonetheless...
I have the same issue in a purely Dev environment (the remote Linux box is not in Production, and I have the root password). I worked around it by connecting as root whilst restricting where you can connect as root from.
-
Follow the inctructions for setting up your authorized_keys file, but do the steps as root instead of your user: https://code.visualstudio.com/docs/remote/troubleshooting#_configuring-key-based-authentication
-
Edit (vi) your root authorized_keys file which should have an entry that looks something like
ssh-rsa ...Lots of text... dev@host
- Change the entry so that it reads:
from="9.8.7.6" ssh-rsa ...Lots of text... dev@host
(where 9.8.7.6 is your VSCode dev machine)
Edit the connection entry under VSCode so that it reads something like:
# Read more about SSH config files: https://linux.die.net/man/5/ssh_config Host linuxdev HostName linuxdev.resolvable.fqdn User root
All of the above assumes that you know the root password and that sshd_config already has PermitRootLogin=yes.
If you want to further restrict the SSH root login from your VSCode Dev machine, then you could set PermitRootLogin=no globally in sshd_config and add a new restriction within sshd_config like this (at the end of the file):
Match Host 9.8.7.6 PermitRootLogin yes
Then restart sshd (systemctl restart sshd) for the new SSHD permission to apply.
Solution 7 - Vscode Remote
I connect to the remote Ubuntu machine from the local VSCode using SSH and install VSCode inside the Ubuntu machine. I was able to create the files but can't write anything there.
I need to write a Prometheus config file and this is how I gave the write permission:
sudo chown -R ubuntu /etc/prometheus/prometheus.yml
Solution 8 - Vscode Remote
One solution for Linux I just came across is to use bindfs (sudo apt install bindfs).
To enable editing /etc/nginx as root for the current user, working in ~/.bind-mounts/nginx:
mkdir -p ~/.bind-mounts/nginx
sudo bindfs --map=root/${USER}:@root/@$(id -gn) /etc/nginx ~/.bind-mounts/nginx
sudo umount ~/.bind-mounts/nginx # When you're done, or run bindfs with '-f' to keep it in the foreground
bindfs has many options. --map may not be the best. It's been working in my testing so far.
Everything seems to work as you'd expect. Lets you "explore" as root and any modifications will be made as if you had root's permissions. Just don't forget the security implications!