128

I want to open a file inside Emacs which is located on a remote server, with sudo powers on the server. I can open local files with sudo via Tramp like this:

C-x C-f /sudo::/home/user/file

But I want to use sudo on the server:

C-x C-f /sudo::user@server/home/user/file

But this gives me sudo powers on my local machine, it asks for my sudo password on the local machine. Is there a way to use sudo on the server?

BTW: Emacs is not installed on the server

ijk
  • 175
  • 1
  • 7
Fernando Briano
  • 7,699
  • 13
  • 58
  • 75

5 Answers5

214

As of Emacs 24.3, an analog of the old multi: syntax has been layered on top of the modern tramp-default-proxies-alist approach, meaning that you can once again perform multi-hops without any prior configuration. For details, see:

C-hig (tramp)Ad-hoc multi-hops RET

With the new syntax, each 'hop' is separated by |. The example in the manual is:

C-xC-f /ssh:bird@bastion|ssh:you@remotehost:/path RET

Which connects firstly as bird@bastion, and from there to you@remotehost:/path

/su: or /sudo: on remote hosts

You can also use this syntax to sudo/su to root (or of course any other user) on a remote host:

C-xC-f /ssh:you@remotehost|sudo:remotehost:/path/to/file RET

Important: be sure to specify the hostname explicitly: sudo:remotehost: rather than sudo:: (see below).

As this still uses the proxy mechanism underneath, tramp-default-proxies-alist should now include the value ("remotehost" "root" "/ssh:you@remotehost:")

Meaning that the proxy /ssh:you@remotehost: is going to be used whenever you request a file as root@remotehost.

root is the default user for these methods, but you can of course also change to a non-root user with:

C-xC-f /ssh:you@remotehost|sudo:them@remotehost:/path/to/file RET

Always specify the remote hostname explicitly

You are probably used to using sudo:: or su:: and omitting the hostname. If you are staying on the localhost then this is still fine, but if you are hopping to a remote server then you must specify the hostname for every hop -- even if it is the same as for the previous hop. Always use sudo:hostname: or su:hostname: with remote hosts.

The trap here is that sudo:: does actually appear to work -- however when you do that the HOST for the dynamic proxy entry will be the hostname you originated from rather than the host you connected to. This will not only look confusing (as the wrong host will be displayed in the file paths), but it will also mean that any subsequent attempt to use sudo:: on your localhost will instead be proxied to the remote server! (and the proxy would also presumably be clobbered if you did the same thing on a second server, causing further issues).

In short, don't use :: when you multi-hop!

Emacs 27+

Starting from Emacs 27.1 (or Tramp 2.4.2, if using the GNU ELPA package) the :: case works intuitively, such that /ssh:you@remotehost|sudo:: will re-use remotehost rather than your own local host, and so you won't end up with a bad proxy entry.

In addition, the likes of /ssh:you@remotehost|sudo:localhost: are detected and flagged as user errors.

If you are liable to use a mixture of Emacs versions including versions earlier than 27 (or you are advising someone else who may be using an older version), then it would be safest to continue to treat :: as unsafe when multi-hopping, to avoid potential mishap. (I.e. specifying the correct remote host explicitly will remain the safest approach if the Tramp version is unknown.)

phils
  • 71,335
  • 11
  • 153
  • 198
  • 5
    and now added to wikemacs as well http://wikemacs.org/index.php/TRAMP. Thanks phils, it works great. – Ehvince Jul 24 '13 at 10:14
  • 1
    I just found this answer, and it works great...except that I have hostname shorthand defined in an .ssh/config file. When I type `/sudo:hostname:/etc/hosts`, I get what you would expect, but when I type `/sudo:abbrev:/etc/hosts`, I get the message "Host abbrev looks like a remote host, sudo can only use the local host". Is this fixable? – rogerl May 09 '16 at 16:03
  • 3
    rogerl: I also have `.ssh/config` entries, and I don't have any problems using `/ssh:abbrev|sudo:abbrev:/etc/hosts` for my hostname abbreviations. It looks like you're not hopping to the host first. – phils May 09 '16 at 21:24
  • @phils Perhaps I should post this as a new question. However: my config file looks like Host r User rlipsett Hostname odlinux IdentityFile ~/.ssh/id-rsa.pub and my `tramp-default-proxies-alist` appears to be correct. Yet the behavior I described above persists. Is my config file somehow wrong? – rogerl May 12 '16 at 18:45
  • It's still not clear to me whether you are *actually* trying to use `/sudo:abbrev:/etc/hosts` as you put in your previous comment (which is wrong, as mentioned), or if you're using the correct `/ssh:abbrev|sudo:abbrev:/etc/hosts`. Your ssh config file is presumably fine, as you can evidentially use it otherwise. – phils May 12 '16 at 21:52
  • If you *do* have the correct `tramp-default-proxies-alist` config already in place, then you can likely use `/sudo:root@abbrev:/etc/hosts` as (slight) shorthand; but I'd suggest using the longer form in general. – phils May 12 '16 at 21:58
  • @phils The only reason I was trying that shorthand syntax at all was because of your answer [here](https://emacs.stackexchange.com/questions/21752/setting-up-shortcut-using-tramp-default-proxies-alist). It's really unfortunate that there is no decent shorthand, since I use emacs to manage files on a remote server regularly. – rogerl May 13 '16 at 13:42
  • Ah, I see. That wasn't *my* answer, though -- and I didn't spot the issue when I was commenting on it, because I only ever manually type the paths using the longer syntax. I'll grant you that it's awfully odd that Michael Albinus would have written something incorrect about tramp, but it rather seems that way. You should follow up that answer and query it with him. – phils May 13 '16 at 14:45
  • @phils root ssh login has to be enabled for though correct? – Startec Sep 01 '17 at 02:31
  • @Startec, I wouldn't have thought so, but if you've tested and found that to be the case then I can't nay-say it. – phils Sep 01 '17 at 02:56
  • @phils could you give just a little bit of explanation as to what the `|` does? For instance, at the end of it, am I logged in as `user` or `root`? I it as though I `ssh`'d as the root user? Currently this is not working as this "times out". – Startec Sep 01 '17 at 02:58
  • @phils this does not work. Emacs just hangs forever. It asks me for the password for the root user, and here is the error log: https://pastebin.com/M20ezpgi – Startec Sep 01 '17 at 04:02
  • I can't really help, sorry. I can see that "Tramp: Waiting for prompts from remote shell...failed" has timed out after password entry, but the reason is not clear to me. I trust you do have sudo access in the first place? Note that the password you're asked for is commonly the original user's password, not the root user's password (although it may vary between systems and configs), in which case the user needs to have been granted permission to use sudo. I suggest that you confirm your sudo access outside of Emacs, if you have not done so already. – phils Sep 01 '17 at 04:40
  • @phils [this](https://stackoverflow.com/a/8363532/3291506) was my issue / solution! – Startec Sep 01 '17 at 21:33
  • 4
    Quick update -- As of Emacs 27, the `::` case will work the way you want it to, such that `/ssh:you@remotehost|sudo::` will re-use `remotehost` rather than your own local hostname, so you won't end up with a bad proxy entry. In addition, the likes of `/ssh:you@remotehost|sudo:localhost:` are detected and flagged as user errors. (Of course, if you are liable to use a mixture of Emacs versions, you should continue to treat `::` as unsafe when multi-hopping in general, to avoid potential mishap.) – phils Dec 31 '18 at 22:07
  • How might I configure trap to use `dzdo` instead of `sudo`? https://docs.centrify.com/Content/aud-events/dzdo.htm – willwillis Oct 06 '22 at 21:59
  • @willwillis I've never heard of that one, but start at `C-h v tramp-methods` and look at the definitions for similar methods `sudo`, `su`, `ksu`, `doas`, `sg`. See also `C-h i g (tramp)Inline methods`. From there you may or may not need to dig deeper into how these are handled in the code, but that should provide a starting point. – phils Oct 06 '22 at 22:59
21

Update: Although this answer solved the original problem, it was written for emacs 20 or 21. For emacs 24, I recommend you use phils's answer because it offers more explanation and is up to date.

I think multi-hop filenames in tramp is what you're looking for.

The first hop would be ssh and the second would be sudo.

Update: Recent versions of emacs support multiple hops using proxies: 

(add-to-list 'tramp-default-proxies-alist ("my-sudo-alias" nil "/ssh:user@ssh-host"))

Then invoke by opening:

/sudo:my-sudo-alias:file-on-ssh-host
Community
  • 1
  • 1
Dave Bacher
  • 15,652
  • 3
  • 63
  • 86
  • This seems like the solution, but I get: "multi method is no longer supported" Can you point me to an updated manual? – Fernando Briano Feb 02 '10 at 13:48
  • M-x info, C-s tramp :) You may need to define a fake host as the target of your sudo and add it to tramp-default-proxy-alist. – Dave Bacher Feb 02 '10 at 17:47
  • 2
    I couldn't get it running in my configuration (error 255?), but the following line in .emacs works: (set-default 'tramp-default-proxies-alist (quote (("my-sudo-alias" nil "/ssh:user@ssh-host:")))) – ang mo Jan 20 '11 at 15:09
  • The updated answer doesn't define "recent", has invalid elisp, and doesn't work even when you correct it. I'm on a stable version of emacs released over a year after the updated answer. – Michael Wolf Jun 07 '13 at 15:21
  • I had to use `tramp-default-proxies-alist` for this; but when I try to visit a file `sudo:my-sudo-alias:/etc/anything` Emacs complains about "Method `scpc' is not supported for multi-hops.". Any ideas? – manu Oct 09 '13 at 19:13
  • 1
    The *real* answer as of 2014/24.3 is the following answer, using "ad-hoc multi-hops" – TomRoche Sep 15 '14 at 20:31
7

I had some troubles with the selected answer. However, it worked when I added this line to .emacs:

(add-to-list 'tramp-default-proxies-alist '(".*" "\\`root\\'" "/ssh:%h:"))

And then executed the following:

/sudo:ssh-host:file-on-ssh-host

It was slightly confusing because at one point I was prompted for the "root" password, but entering my user's password granted me access. It also universally works on all hosts on the network. Also, I can still do this to not be root:

/ssh:ssh-host:file-on-ssh-host

npostavs
  • 4,877
  • 1
  • 24
  • 43
User1
  • 39,458
  • 69
  • 187
  • 265
  • 3
    This was not working for me. It looks that in Ubuntu, at least with version 23.2.1 of Emacs and version 2.1.18-23.2 of tramp this does not work. This works, though: http://info.solomonson.com/content/doing-sudo-remote-server-emacs-opensave-file – gaizka Oct 14 '10 at 09:59
  • (set-default 'tramp-default-proxies-alist (quote ((".*" "\\`root\\'" "/ssh:%h:")))) – gaizka Oct 14 '10 at 10:01
  • 1
    I am not able to get either of the solutions above to work (add-to-list or set-default). The first causes Emacs to choke on startup and the second gives me "Host `abc.xyz.com' looks like a remote host, `sudo' can only use the local host" as soon as I enter the second colon in "/sudo:abc.xyz.com:". Ideas? Emacs 23.1.1 on Ubuntu 10.04 LTS. – SabreWolfy Jul 25 '11 at 13:37
3

From the tramp multi-hops configuration webpage

 (add-to-list 'tramp-default-proxies-alist
                   '(nil "\\`root\\'" "/ssh:%h:"))
      (add-to-list 'tramp-default-proxies-alist
                   '((regexp-quote (system-name)) nil nil))

Then any 

C-x C-f /sudo:remote-host:/file

will open file using sudo after logged with the same username of the user running emacs but on the remote machine.

vampolo
  • 107
  • 1
  • 4
-13

You have to ssh into the server first, then you have to run emacs locally.

Or you can use NFS with no_root_squash, or you can try with emacs server/client, although I have no idea of what may happen (do not use emacs myself)

Dan Andreatta
  • 3,611
  • 1
  • 22
  • 15
  • I tried, but I cannot access files as root with sshfs, when mounting it as regular user. I guess it is a setup problem. – Dan Andreatta Feb 01 '10 at 16:05
  • As Hassan noted, no_root_squash should be used with care. – Dan Andreatta Feb 01 '10 at 16:07
  • 9
    -1 for not answering the question. -1 for suggesting NFS instead of SSH. -1 for suggesting no_root_squash. -1 for suggesting Emacs client, which uses usually Unix domain sockets, for a remote communication problem. -1 for blethering about Emacs without using it. – ceving Nov 02 '16 at 10:07