101

I am not able to save any files on my remote server with VSCode Remote SSH because I am not a root user.

I've followed the official documentation about how to set up ssh with SSH config file but even if my user as sudo privileges, I can't find any options in VSCode to save with sudo.

here is my SSH config file /Users/geoff/.ssh/config:

Host gcpmain
    User geoff
    HostName <IP_ADDRESS>
    IdentityFile ~/.ssh/gc_rsa

Obviously, when I try to save any files that require sudo I have this expected error message:

Failed to save 'default': Unable to write file (NoPermissions
 (FileSystemError): Error: EACCES: permission denied, open 
'/etc/nginx/sites-available/default')

Is there any way that I can force VSCode to save as sudo? Thanks a lot for your answers! :)

Geoff
  • 1,113
  • 2
  • 7
  • 6
  • 5
    I had this issue and just doing a `$ sudo chown -R non_root_username /path/to/directory` did the trick – Rahul Aug 12 '20 at 13:07
  • 13
    For anyone just learning, it should be noted that @Rahul's comment alters the file ownership for all files within the directory which may have other repercussions, such as breaking some services that expect to be the owner of certain files. – GuitarPicker Apr 15 '21 at 15:07

12 Answers12

102

I recommend this VSCode extension: Save as Root in Remote SSH

Install the extension on a window opened with Remote-SSH and use "Save as Root" in the command palette instead of Ctrl+S.

Basically, it reads the contents of the editor and calls the sudo command to overwrite the file.

umitu
  • 2,423
  • 1
  • 10
  • 28
64
sudo chown -R $USER /path/to/folder

This worked fine for me!

hassanzadeh.sd
  • 3,091
  • 1
  • 17
  • 26
Gautam Ghai
  • 769
  • 4
  • 4
  • 1
    It works for me. Note that: run this command in your container. For example, you run with the user of docker, then change the `myuser` to docker. In my case, I ran `NV_GPU=0 nvidia-docker run -d --user docker -v /home/goodman/myproject:/home/docker/app -t goodman:torch_demo`. Inside the container, run `sudo chown -R docker /home/docker/app`. – GoingMyWay Sep 22 '21 at 01:45
  • 3
    @umitu's recommended VS Code extension is better for most scenarios. Repeatedly changing file permissions to test something that is overwritten by an automated process isn't efficient. – Abel Wenning Dec 15 '21 at 00:05
  • 7
    This is a pretty poor answer. 1. because I'm sure the OP knows how to change file permissions, and understands the error enough to know that doing so would make the error go away. So doesn't really answer the question of how to do this in vscode. And 2. because this is not efficient. And 3. files owned by root are typically owned by root for good reason. Imagine if you had a malicious process on your server that was trying to access root owned files every 1 minute. Changing them for a few minutes when not necessary could be disastrous. – dylzee Aug 11 '22 at 02:39
19

I also met the same issue when using vs code to ssh login CentOS with non-root account.

The true reason is: Your user account ("geoff" here) need to get the permission of the destination directory first.

sudo setfacl -R -m u:geoff:rwx /etc/nginx/sites-available/default

for you case.


More general usage:

sudo setfacl -R -m u:username:rwx /path/to/directory

This command will help you get the permission of the directory /path/to/directory, without influencing the permissions of any other user or group. Not recommend to use chown. This solution can be used on Mac/Linux.

When you finish running above command, you can edit and save in VS code. May it be helpful for you.

Bravo Yeung
  • 8,654
  • 5
  • 38
  • 45
  • @Geoff Hey, FYI. I tried, solved the similar issue. – Bravo Yeung Dec 05 '20 at 11:00
  • 5
    Great answer, much better than nuking the ownership to yourself :) – CTS_AE Sep 15 '21 at 07:33
  • 1
    just wanted to support this answer and also add that I did a bit of an alternative by adding the user to the group for the folder by doing `usermod -aG `. Make sure that the group permissions can write :) – Cristiansen Dec 11 '22 at 22:51
  • 2
    Unless you want to use the Save as Root in SSH extension, this should be the right answer. Adding the user to the directories' Access Control Lists is far better than changing the ownership, which can have plenty of unwanted knock-on effects. – Bobbie E. Ray Jun 15 '23 at 14:03
7

I have faced the same question when I tried to edit the nginx conf files on my VPS. There is an open issue at github: Elevate rights on SSH remote, addressing similar problems.

As a temporary solution you can use WinScp - add sudo /path/to/sftp-server to your connection settings and then you can save changes to most (if not any) file. WinScp use sudo on login.

Csaba Varga
  • 81
  • 2
  • 3
  • 1
    Thank you very much for your answer, I am on macOS so I can't use WinScp has it is only for windows. It seems that the problem still persists based on this [opened issue](https://github.com/microsoft/vscode/issues/48659). We will have to wait and see how it will be handled in the future I guess! Thanks again! – Geoff Jun 11 '19 at 20:05
  • MS install a suite of utilities on the remote linux machine, one is the "code" command which will open the specified file in the Local VSC window. So I thought I'd run that through sudo and got this error "Command is only available in WSL or inside a Visual Studio Code terminal." – silicontrip Feb 26 '20 at 01:23
6

Easiest solution for configuring files on a remote machine using a VSCode ssh (I use an Ubuntu EC2 instance with AWS) is to modify the file privileges while you work on the files using chmod.

By default, server config files (/etc/nginx/sites-available/default) are read-only (require sudo to write/save). There are open issues to allow VSCode SSH sudo access, however no good solution that I was able to find.

When you need to configure server files in dev, run this in your command-line SSH (non-VSCode) with sudo privileges:

sudo chmod a+rwx /etc/nginx/sites-enabled/default

(or whatever your path to server config file is).

You can then ssh with VSCode and save the edited file freely.

If you don't like working in vim through the command line and want to use VSCode to edit server config files, this might be the quickest solution. Don't forget to switch file permissions back to read-only when you're done:

sudo chmod -R 0444 /etc/nginx/sites-available/default

e-dylan
  • 69
  • 2
  • 2
  • makes sense. Its like unlocking the door while you're busy, to make things easy . Then when you're done lock up again. Especially if its not a shared server and there is no password access, only SSH key access – Sharkfin Apr 30 '22 at 14:01
  • 1
    This can be a major security problem. You shouldn't do this, and if you DO do this, for the love of god, disable it when you're done. (Though god help you if you do this on, say, a `public_html` folder, because the correct original permissions AREN'T 0444 on those folders.) – Eliezer Berlin Aug 10 '22 at 09:10
2

Not quite answering your question, but a workaround nonetheless...

I have the same issue in a purely Dev environment (the remote Linux box is not in Production, and I have the root password). I worked around it by connecting as root whilst restricting where you can connect as root from.

ssh-rsa ...Lots of text... dev@host

  • Change the entry so that it reads:

from="9.8.7.6" ssh-rsa ...Lots of text... dev@host (where 9.8.7.6 is your VSCode dev machine)

Edit the connection entry under VSCode so that it reads something like:

# Read more about SSH config files: https://linux.die.net/man/5/ssh_config Host linuxdev HostName linuxdev.resolvable.fqdn User root

All of the above assumes that you know the root password and that sshd_config already has PermitRootLogin=yes.

If you want to further restrict the SSH root login from your VSCode Dev machine, then you could set PermitRootLogin=no globally in sshd_config and add a new restriction within sshd_config like this (at the end of the file): Match Host 9.8.7.6 PermitRootLogin yes

Then restart sshd (systemctl restart sshd) for the new SSHD permission to apply.

misterjaytee
  • 424
  • 1
  • 6
  • 12
1

One solution for Linux I just came across is to use bindfs (sudo apt install bindfs).

To enable editing /etc/nginx as root for the current user, working in ~/.bind-mounts/nginx:

mkdir -p ~/.bind-mounts/nginx
sudo bindfs --map=root/${USER}:@root/@$(id -gn) /etc/nginx ~/.bind-mounts/nginx
sudo umount ~/.bind-mounts/nginx # When you're done, or run bindfs with '-f' to keep it in the foreground

bindfs has many options. --map may not be the best. It's been working in my testing so far.

Everything seems to work as you'd expect. Lets you "explore" as root and any modifications will be made as if you had root's permissions. Just don't forget the security implications!

Cameron Tacklind
  • 5,764
  • 1
  • 36
  • 45
0

Go to /etc/ssh/sshd_config and write:

PermitRootLogin yes

After that login using

ssh root@<Machine_IP>

Heitor Giacomini
  • 384
  • 2
  • 12
0

In case you are using SSH FS VSCode extension, and connecting to AWS EC2 Amazon Linux AMI, then below configuration should allow you editing files and saving with sudo permissions:

File: settings.json

"sshfs.configs": [
{
  "name": "your-config-name",
  "host": "your-host-name.compute.amazonaws.com",
  "username": "ec2-user",
  "privateKeyPath": "/path/to/ssh-key-in-ED25519-format.pem",
  "port": 22,
  "debug": false,
  "sftpSudo": true,
  "sftpCommand": "/usr/libexec/openssh/sftp-server"
}
]

Another possible value for "sftpCommand" json key is: "/usr/lib/openssh/sftp-server".

Vlad
  • 6,402
  • 1
  • 60
  • 74
-2

I connect to the remote Ubuntu machine from the local VSCode using SSH and install VSCode inside the Ubuntu machine. I was able to create the files but can't write anything there.

I need to write a Prometheus config file and this is how I gave the write permission:

sudo chown -R ubuntu /etc/prometheus/prometheus.yml
Arefe
  • 11,321
  • 18
  • 114
  • 168
-3
sudo chmod -R 777 folder_name_where_your_file_exists

or

sudo chmod -R 755 folder_name_where_your_file_exists
Niranjanadas M
  • 153
  • 2
  • 10
  • 4
    Remember that Stack Overflow isn't just intended to solve the immediate problem, but also to help future readers find solutions to similar problems, which requires understanding the underlying code. This is especially important for members of our community who are beginners, and not familiar with the syntax. Given that, **can you [edit] your answer to include an explanation of what you're doing** and why you believe it is the best approach? – Jeremy Caney Jul 27 '22 at 00:33
  • Just Try before you downvote! – Niranjanadas M Oct 01 '22 at 16:47
  • I didn’t downvote. But my suggestion will help others understand what you’re doing so they have the confidence to try it. – Jeremy Caney Oct 01 '22 at 19:24
-3

I have meet the same error, but I have watched this video, thanks help me.

sudo chown -R username dictoryname

vscode file

HenryTien
  • 105
  • 1
  • 2
  • There are already some "answers" like this. None of them answer the original question. What makes it worse, it is dangerous and _not_ recommended to change file/dir owner of services (or even root user) to an arbitrary user. It is not secure and calls for trouble. – xoryves Mar 14 '23 at 20:11