You can have a custom AuthZ solution and automatically inherit sudo permissions based on groups. It supports a configurable askpass. You can background jobs, change working directory, selectively pass or set environment variables, set $HOME, use a login shell, preserve origin groups, use a chroot, read a password from STDIN, override the shell, set a timeout. And of course the sudoedit features.
I know we all like programs that "do one thing well", but sometimes the best way to support all the use cases we want is a big honking program.
Aside from forcing vim onto innocent users?
> I feel that it's better than `sudo -e`, but would love to see an example where `sudo -e` is better.
It is way worse than `sudo -e`, because it runs the entire editor as root, whereas `sudo -e` runs a few file copies / move as root. So `sudo -e` has a significantly lower amount of stuff in the "secure zone", and thus, much in the same way `doas` is more secure than `sudo`, `sudo -e` is a lot more secure than running the entire editor.
It also works with anything you can set as $EDITOR.
Some editors (like vscode) will outright refuse to run as root by default.
The replies about security are interesting, but I think they are over-complicating this!
