sudo (is something you don’t do)

We are currently in the process of migrating our HOWTO articles to a new CCIS Knowledgebase. The content of this page has been moved to the following KB article:

KB0012111: sudo (is something you don’t do)

Click here to expand the deprecated HOWTO page

Note: This article is about the sudo command on Systems-managed CCIS machines. For instructions on using sudo on your own machine or a machine on which you have been given the ability to run commands using sudo, please consult another documentation source.

What is sudo?

sudo (technically: “Substitute User DO“, but also know as “Switch User DO” or “Super User DO“) is a UNIX/Linux tool which can be used to allow certain accounts to execute certain commands as certain other accounts. It is most commonly used to allow non-privileged (non-root) accounts to run commands as the root or “Super User” account.

Who can run commands using sudo on Systems-managed CCIS machines?

Use of sudo on Systems-managed CCIS machines is restricted to members of the Systems group. If you need a change made to a system you are using, please contact the Systems group (systems@ccs.neu.edu or drop by 310 WVH).

Why can’t I use sudo on a Systems-managed CCIS machine?

If you have sudo privileges on a machine but you don’t know what you’re doing or you aren’t careful, it is very easy to destroy data and/or render the machine unusable for yourself and anyone else. sudo has no safety belt! sudo can also be used to violate the privacy of other people with accounts on a system (eg: copy another student’s homework, read another person’s email, etc).

As such, we restrict sudo privileges to a small group of staff in order to ensure the availability of Systems-managed CCIS machines and the privacy of those who use them.

Why should I pay attention to where I am running sudo?

Sometimes people will attempt to use sudo on Systems-managed CCIS machines because they’ve confused one terminal or ssh session with another, and they type something meant for one window (machine) into another window (machine).

You should always double check what machine you are typing on before running sudo. We at CCIS aren’t likely to give anyone much trouble for mistakenly attempting to run sudo on the wrong machine, but in some jurisdictions or organizations attempting to use sudo on a machine on which you have not been authorized to sudo could potentially land you in legal trouble or cause you to lose your job.

Always double check which machine you’re on before invoking sudo.

What are some poor reasons to use sudo?

One of the most common reasons we see students attempt to use sudo is that they are working on something, they run into a problem, and rather than taking (more) time to try to understand the problem, they decide to “hit it [the problem] with a bigger hammer.” We understand the frustration that can come when something doesn’t work, but most often reaching for sudo is the wrong approach, and wouldn’t help even if the student was authorized to use sudo.

Some examples:

  • My code won’t compile: Is the compiler throwing an error? What does that error mean? Does searching the web for the error help? Generally speaking, code that won’t compile for one account won’t compile for any account, even root.
  • My script or binary won’t execute: Is it marked executable (chmod +x <filename>)? A file that doesn’t have the execute bit set (ls -l, look for an “x“) isn’t executable for any account, even root.
  • I can’t remove a file: Is it a file or a directory? Use rm on files, rmdir on directories. Note: rmdir won’t remove an empty directory. These rules hold true for root, too.
  • I’m getting an error of “Command not found” (or something to that effect): Then the command probably doesn’t exist, isn’t installed, or isn’t in your PATH. One thing is for sure: If your shell can’t find the command, then putting sudo in front of it won’t make a difference (sudo doesn’t have any special places it searches for commands, it just runs what you tell it to run, which is based on what your shell can find).

More generally than those specific examples:

  • Something you’re trying to do is failing with errors: Search the web for those errors or read the documentation for the tool(s) or program(s) you are using.
  • You can’t ssh/http/svn/etc to a machine: Are you sure you’re trying to connect to the right machine? If so, is it even accessible from the system you’re using (eg: is there a firewall in the way)? Maybe you can ping it, but do you have an authorized account on it?
  • Check: Are all of the arguments you’re passing on the command line correct? Are they in the correct sequence?
  • Check: Do you need to add a space between a command line flag and its argument?
  • Check: Does that file you’re trying to work on exist? Are you spelling its name correctly, properly escaping special characters? (eg: putting a backslash (“”) in front of spaces.) Are you properly quoting any string that needs to be quoted? Are you using the right kind of quoting? (Sometimes you want double quotes and other times you want single quotes.)

The above is only a limited set of examples, but they all speak to the same trend: Trying to compensate for a lack of understanding with digital brute-force. Sometimes that might work; most of the time it won’t; but either way: How much are you really learning if you take this path?

Ok, but what about tasks that really can only be accomplished with sudo?

We do see folks trying to use sudo properly (albeit without permission) to solve their own problems. eg:

  • Install a piece of software they’d like to use
  • Debug a problem by looking in non-public log files or viewing other machine information
  • Make a configuration change which is necessary to achieve a certain goal

In those cases, please contact Systems with your request (we’re generally happy to install most software and to make reasonable configuration changes that won’t affect other people negatively).

Finally: We see a large number of students attempt to install software which is already installed. ie: There’s no need for anyone to sudo because the software is already there! For any software which isn’t installed, of course, just contact Systems and ask that it be installed!

But I need to use to sudo to do ________!

If you are a student in a CCIS class: None of your course work should require you to use sudo on a Systems-managed machine. Either your instructor or TA will have designed your assignments such that they can be done without sudo (remember: your instructor doesn’t have sudo on Systems-managed machines, either), or you should have been allotted a Virtual Machine or other system on which to work. If the latter is the case, your instructor will have given you instructions to this effect. If you think that you need sudo to do part of an assignment, please contact your instructor or TA, and that person will either give you other instructions or contact Systems to request resources on your behalf.

If you are a CCIS graduate student or research assistant: If your research requires you to have sudo on the machines on which you work, please contact Systems or your faculty sponsor to discuss your needs, and we’ll be happy to help!

If you are a CCIS faculty or staff member: Please contact Systems, and we’ll be happy to help!

Comments on this entry are closed.