hippy
Posts: 9650
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

"Sudo required"

Tue Apr 13, 2021 4:25 pm

Perhaps mostly rhetorical but, why do developers who are writing code which requires 'sudo' to function, and they know that, so often do not check if 'sudo' has been specified, or superuser privileges are held, and report a useful "You need sudo to run this program" but more often than not let the program just run and crash or fail in some way or trap it not working and merely report "that did not work' ?

I appreciate there are some edge cases where things might fail, the check won't be perfect, but it would catch most cases, let the user know they have to say 'please' when they have forgotten.

It has been drummed in to me, time after time, on courses and training I have attended; "Give understandable, meaningful and useful error messages. Let the user know what they got wrong whenever possible", and I agree with that philosophy, strive towards it. It seems many don't.

Raspberry Pi's 'raspi-config' is a fine example of doing it right, giving a clear and readily understandable report ...

Code: Select all

pi@Pi3B:~ $ raspi-config
Script must be run as root. Try 'sudo raspi-config'
But so much doesn't, and that includes other code from Raspberry Pi.

pidd
Posts: 1869
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Tue Apr 13, 2021 4:42 pm

It would be more educational for programs that don't need to have sudo to scream at the user for using sudo.

Is it possible to detect if a command has been sudo'd as opposed to being run by root?

Does sudo give you root:root or root:sudo?

User avatar
thagrol
Posts: 4656
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Tue Apr 13, 2021 7:18 pm

hippy wrote:
Tue Apr 13, 2021 4:25 pm
Perhaps mostly rhetorical but, why do developers who are writing code which requires 'sudo' to function, and they know that, so often do not check if 'sudo' has been specified, or superuser privileges are held, and report a useful "You need sudo to run this program" but more often than not let the program just run and crash or fail in some way or trap it not working and merely report "that did not work' ?
A lot depends on your intended audience. While it'll be usefull for beginers, for old hands not so much.

Plus a lot of programmers seem to feel that "it works under ideal conditions" is good to release.

I appreciate there are some edge cases where things might fail, the check won't be perfect, but it would catch most cases, let the user know they have to say 'please' when they have forgotten.
sudo does not mean please. Many folks appear to interpret as such though and that belief is going to cause them grief. Maybe not today. Maybe not tomorrow, but soon, and for the rest of their life.
It has been drummed in to me, time after time, on courses and training I have attended; "Give understandable, meaningful and useful error messages. Let the user know what they got wrong whenever possible", and I agree with that philosophy, strive towards it. It seems many don't.
That's certainly my experience. Been fighting with programmers and senior management over it much of my career.

It's partly training, partly the intended audience, partly the programmers assumptions (especially about who is going to be using the code and what they know) but mostly about time, cost, and deadlines. Doing it properly can turn a 10 minute script into a three day marathon.

Even with the best intentions sometime you have to compromise.

Sometimes it's possible to make up for a lack in the code in the documentatiion but many don't read it.
I'm a volunteer. Take me for granted or abuse my support and I will walk away

All advice given is based on my experience. it worked for me, it may not work for you.
Need help? https://github.com/thagrol/Guides

lurk101
Posts: 517
Joined: Mon Jan 27, 2020 2:35 pm
Location: Cumming, GA (US)

Re: "Sudo required"

Tue Apr 13, 2021 7:53 pm

pidd wrote:
Tue Apr 13, 2021 4:42 pm
Is it possible to detect if a command has been sudo'd as opposed to being run by root?
Something like this?

Code: Select all

#include <unistd.h>
#include <iostream>
int main() { 
    auto me = getuid();
    auto myprivs = geteuid();
    if (me == myprivs)
        std::cout << "Running as self\n";
    else
        std::cout << "Running as somebody else\n";
}
Growing old is getting old.

pidd
Posts: 1869
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Tue Apr 13, 2021 8:08 pm

lurk101 wrote:
Tue Apr 13, 2021 7:53 pm
pidd wrote:
Tue Apr 13, 2021 4:42 pm
Is it possible to detect if a command has been sudo'd as opposed to being run by root?
Something like this?

Code: Select all

#include <unistd.h>
#include <iostream>
int main() { 
    auto me = getuid();
    auto myprivs = geteuid();
    if (me == myprivs)
        std::cout << "Running as self\n";
    else
        std::cout << "Running as somebody else\n";
}
I didn't think that would work only because I believed sudo changes the uid as well eg if I "sudo nano newfile" then newfile (if it didn't exist) will be owned by root.

User avatar
Paeryn
Posts: 3231
Joined: Wed Nov 23, 2011 1:10 am
Location: Sheffield, England

Re: "Sudo required"

Tue Apr 13, 2021 9:53 pm

pidd wrote:
Tue Apr 13, 2021 8:08 pm
lurk101 wrote:
Tue Apr 13, 2021 7:53 pm
pidd wrote:
Tue Apr 13, 2021 4:42 pm
Is it possible to detect if a command has been sudo'd as opposed to being run by root?
Something like this?

Code: Select all

#include <unistd.h>
#include <iostream>
int main() { 
    auto me = getuid();
    auto myprivs = geteuid();
    if (me == myprivs)
        std::cout << "Running as self\n";
    else
        std::cout << "Running as somebody else\n";
}
I didn't think that would work only because I believed sudo changes the uid as well eg if I "sudo nano newfile" then newfile (if it didn't exist) will be owned by root.
You're right, sudo sets both UID and EUID. A basic test for a program to see if it was run through sudo would be to check for one of sudo's environment variables, though it's not definitive as it's easy to fake. The three main environment variables it (usually) sets are:
  • SUDO_USER which will be the username of the user that ran sudo
  • SUDO_UID which will the the UID of the user that ran sudo
  • SUDO_COMMAND which will be the command that sudo was told to run

Code: Select all

#include <stdlib.h>
#include <stdio.h>

int main(void)
{
  const char *sudo_user = getenv("SUDO_USER");
  if (sudo_user) {
    printf("Program called via sudo by %s.\n", sudo_user);
  }
  else {
    printf("Program called directly, not via sudo\n");
  }
}
Last edited by Paeryn on Tue Apr 13, 2021 10:07 pm, edited 1 time in total.
She who travels light — forgot something.
Please note that my name doesn't start with the @ character so can people please stop writing it as if it does!

pidd
Posts: 1869
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Tue Apr 13, 2021 10:05 pm

Paeryn wrote:
Tue Apr 13, 2021 9:53 pm
A basic test for a program to see if it was run through sudo would be to check for one of sudo's environment variables, though it's not definitive as it's easy to fake. The three main environment variables it (usually) sets are:
  • SUDO_USER which will be the username of the user that ran sudo
  • SUDO_UID which will the the UID of the user that ran sudo
  • SUDO_COMMAND which will be the command that sudo was told to run
Excellent, thanks

Code: Select all

pi@raspi:~ $ sudo su
root@raspi:/home/pi# env|grep -i sudo
SUDO_GID=1000
SUDO_COMMAND=/usr/bin/su
SUDO_USER=pi
SUDO_UID=1000

hippy
Posts: 9650
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: "Sudo required"

Wed Apr 14, 2021 6:59 pm

thagrol wrote:
Tue Apr 13, 2021 7:18 pm
hippy wrote:
Tue Apr 13, 2021 4:25 pm
I appreciate there are some edge cases where things might fail, the check won't be perfect, but it would catch most cases, let the user know they have to say 'please' when they have forgotten.
sudo does not mean please. Many folks appear to interpret as such though and that belief is going to cause them grief. Maybe not today. Maybe not tomorrow, but soon, and for the rest of their life.
On a single-user personal home computer system, as I would expect most Pi's are used, 'sudo' so often gets in the way of what the owner has chosen to do it's not hard to see why it gets taken as a "please". I don't think I can recall a time where 'sudo' has saved my bacon, but I endlessly need to use it to do what I want to do.

Take "sudo apt update/upgrade". People have to use 'sudo', unless they are never going to update; it becomes by rote if one does, a mere "please". It doesn't provoke stopping and thinking, reflecting on the consequences, because it's Hobson's Choice; don't upgrade and live with bugs and security risks, or do upgrade and run the risks involved in doing that. Once someone types "apt update/upgrade" it is clear they intend to live with the risks of upgrading, 'sudo' becomes relegated to being a matter of "please".

I don't deny 'sudo' has its place in some circumstances, just not those most Pi users are in.

Heater
Posts: 17963
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Wed Apr 14, 2021 7:35 pm

hippy wrote:
Tue Apr 13, 2021 4:25 pm
Perhaps mostly rhetorical but, why do developers who are writing code which requires 'sudo' to function, and they know that, so often do not check if 'sudo' has been specified, or superuser privileges are held, and report a useful "You need sudo to run this program" but more often than not let the program just run and crash or fail in some way or trap it not working and merely report "that did not work' ?
I'm not sure if I understand what you are getting at. Most programs that require root privs to do their work do not have execution enabled on their file permissions. So they cannot even be run as a normal user and hence cannot make such a useful message.

Sometimes not everything a program does requires root privs so it makes sense to allow user execution of the binary and ask for elevated permissions only when required. That is not usual though, I can't remember such a program.

I like that programs I write do not get root privs unless I go out of my way. That way I can be confident that my bugs won't trash my operating system at random. Similarly for other programs I run, from "rm" upwards.

It follows then that when I want to actually mess with the OS, update, install, change configuration, etc those tools need root privs. I could "su root" but sudo is convenient.
Memory in C++ is a leaky abstraction .

pidd
Posts: 1869
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Wed Apr 14, 2021 7:41 pm

hippy wrote:
Wed Apr 14, 2021 6:59 pm
Take "sudo apt update/upgrade". People have to use 'sudo', unless they are never going to update; it becomes by rote if one does, a mere "please".
Good example, its not really clear why apt update needs root privileges, apt upgrade clearly should be root as its making changes to the running system. I'm sure many feel that this two-step process is somewhat outdated, I always check what is getting upgraded but I do it during the upgrade command, the update stage is just a timewaste, the only justification would be if there were different permission levels, which there aren't.

GlowInTheDark
Posts: 1596
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Wed Apr 14, 2021 7:50 pm

That is not usual though, I can't remember such a program.
(Poster of the above quote was asking about a program that can run [usefully] as either root or as an ordinary user)

apt-get is a good example. Normally, and almost universally in the context of the Pi, we (almost) always run apt-get as root.

However, on another system, where I do not have root access, I routinely use apt-get as an ordinary user. The "download" and "source" commands are quite useful as ordinary user.

Also, another user asks why "apt-get update" requires root privs. Well, it manipulates system-wide datafiles - that affect all users. Normally, this (changing system-wide files) should be restricted to root level users. Of course, in the context of the Pi, where there is usually just one user, it all becomes more or less moot, but that's nevertheless the way it is the way it is.
GitD's list of things that are not ready for prime time:
1) IPv6
2) 64 bit OSes
3) USB 3
4) Bluetooth

Loves Linux; loves to dance.

Heater
Posts: 17963
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Wed Apr 14, 2021 8:14 pm

GlowInTheDark wrote:
Wed Apr 14, 2021 7:50 pm
Also, another user asks why "apt-get update" requires root privs. Well, it manipulates system-wide datafiles - that affect all users. Normally, this (changing system-wide files) should be restricted to root level users. Of course, in the context of the Pi, where there is usually just one user, it all becomes more or less moot, but that's nevertheless the way it is the way it is.
I don't follow.

Things like "apt list" and "apt search" run fine without root privs. Other operations like "apt update" and "apt upgrade" fail if they are not run with root privs.

This is as it should be. Like I said I don't want to be accidentally hosing or even changing nicely my OS by accident.

Admittedly the error messages emitted when there are insufficient privs are a bit cryptic. In which case hippy's suggestion might be useful.

Only enough "apt upgrade" fails with a messages about "Permission denied" and asks "are you root?". However "apt update" does not.
Memory in C++ is a leaky abstraction .

User avatar
thagrol
Posts: 4656
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Wed Apr 14, 2021 8:43 pm

hippy wrote:
Wed Apr 14, 2021 6:59 pm
thagrol wrote:
Tue Apr 13, 2021 7:18 pm
hippy wrote:
Tue Apr 13, 2021 4:25 pm
I appreciate there are some edge cases where things might fail, the check won't be perfect, but it would catch most cases, let the user know they have to say 'please' when they have forgotten.
sudo does not mean please. Many folks appear to interpret as such though and that belief is going to cause them grief. Maybe not today. Maybe not tomorrow, but soon, and for the rest of their life.
On a single-user personal home computer system, as I would expect most Pi's are used
Speaking personally, I wouldn't bet on that. I suspect mroe are in educational and industrial use. In neither case would you want the average user to have root/sudo access.
, 'sudo' so often gets in the way of what the owner has chosen to do it's not hard to see why it gets taken as a "please".
It's not sudo getting in the way, it's the OS. sudo is a way for "normal" users to bypass OS restrictions in a controlled manner. That RPiOS doesn't use any of those controls doesn't make sudo the problem.

My gut tells me that some (many?) of the folks who complain about sudo are coming from a one user per computer OS like Windows (how many people actually have more than one user account on their PC?), Android, iOS and most home computers of the 80s and 90s.

I also feel they misunderstand what the actual restriction is.

Here's a simply analogy that I hope isn't too far off the mark:

You're visiting aa friend
You try the door. It's locked.
sudo equivalent: asking your friend for their door key.

It's not the key (sudo) that's stopping you, it's the lock.
I don't think I can recall a time where 'sudo' has saved my bacon, but I endlessly need to use it to do what I want to do.
I can think of many where doing something in the wrong directory has been prevented by by not using sudo. Simple things like rm *.

Developing a habit of repeating a command that fails with a prefix of sudo is going to get you into trouble. If you're using the Pi as a learning tool with the intention of getting a job in IT it's not one to develop.

Edit:
If you really find sudo to be that much of an obstacle, login as root rather than as pi. I wouldn't recommend doing so but it does remove the perceived sudo problem.

Edit #2:
sudo is like a hammer. When you have one every problem looks like a nail.
I'm a volunteer. Take me for granted or abuse my support and I will walk away

All advice given is based on my experience. it worked for me, it may not work for you.
Need help? https://github.com/thagrol/Guides

GlowInTheDark
Posts: 1596
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Wed Apr 14, 2021 10:11 pm

You (IMHO, intentionally) totally misunderstood hippy's post.


Well done.
GitD's list of things that are not ready for prime time:
1) IPv6
2) 64 bit OSes
3) USB 3
4) Bluetooth

Loves Linux; loves to dance.

Heater
Posts: 17963
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Wed Apr 14, 2021 10:46 pm

We know what hippy said. We are trying to work out what the idea is. Let me make an analogy:

I have a circular saw. It's mine, I own it, I can do whatever I like with it. It's a single user machine, that user is me. But guess what? It has safety guards on it. It has a fuse in its plug.

Now, sometimes I really want to do something where those safety features get in the way. No problem, I can disable them, remove them, bypass them. Whatever it takes to get a special job done.

Do I disable such safety features most of the time? No. Why? Because I don't want to cut my fingers off should my attention slip for a second.

And so it is with my computers. Most of the time I can get what I want done, confident that I am not going to trash my operating system if I make a mistake. When I need to do something special I can. I can remove the guards with su or sudo and do it. Then I am aware I should pay attention.

If anyone wants to run their machine with root privs all the time there is noting stopping them. No more than anything is stopping my ripping the safety guards and interlocks of all my machine tools.

What's he problem again?
Memory in C++ is a leaky abstraction .

hippy
Posts: 9650
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: "Sudo required"

Wed Apr 14, 2021 11:13 pm

Heater wrote:
Wed Apr 14, 2021 10:46 pm
What's he problem again?
Putting those safety guards, which make sense for a circular saw, on 'looking out the window to see if it's raining'.

But, as usual, the thread has been dragged far off course from my original point about developers not telling users they need 'sudo', letting their code run and fail when they are fully aware that's what will happen.

Code: Select all

pi@Pi3B:~ $ apt update
Reading package lists... Done
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)
pi@Pi3B:~ $ 
"You need to use sudo' would have been far more useful, far more informative than that, which doesn't even tell anyone lack of 'sudo' was the issue, using it is the solution.

Code: Select all

pi@Pi3B:~ $ picotool load -x x.uf2
No accessible RP2040 devices in BOOTSEL mode were found.

but:

Device at bus 1, address 37 appears to be a RP2040 device in BOOTSEL mode, but picotool was unable to connect
Yep; I forgot to say "please"

But never mind, I can drag and drop that .uf2 onto my Pico using File Manager. No need for 'sudo' there, no safety guards to stop me.
Last edited by hippy on Wed Apr 14, 2021 11:28 pm, edited 1 time in total.

Heater
Posts: 17963
Joined: Tue Jul 17, 2012 3:02 pm

Re: "Sudo required"

Wed Apr 14, 2021 11:28 pm

hippy wrote:
Wed Apr 14, 2021 11:13 pm
Heater wrote:
Wed Apr 14, 2021 10:46 pm
What's he problem again?
Putting those safety guards, which make sense for a circular saw, on 'looking out the window to see if it's raining'.

But, as usual, the thread has been dragged far off course from my original point about developers not telling users they need 'sudo', letting their code run and fail when they are fully aware that's what will happen.
I think I addressed that in my first post here.

My example was apt. Which will run with user privs for some tasks but fails with cryptic messages for other tasks.

I agree, perhaps those cryptic messages could be avoided by the program checking its privileges and politely saying it cannot continue and suggesting what to do about it.

Is it a significant problem?

I imagine it might not be so easy to fix. I mean how would apt know what to suggest when it cannot know how the the environment it is running in is set up. Maybe suggesting using sudo would work. Maybe not.

I notice that in MacOS and Windows if a program tries to do a privileged thing it is caught by the operating system. The OS then announces that the app is trying to do something privileged and asking if it should be allowed. So the fix is in the OS not in the program itself.
Memory in C++ is a leaky abstraction .

hippy
Posts: 9650
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: "Sudo required"

Wed Apr 14, 2021 11:31 pm

Heater wrote:
Wed Apr 14, 2021 11:28 pm
I agree, perhaps those cryptic messages could be avoided by the program checking its privileges and politely saying it cannot continue and suggesting what to do about it.
Seems we are in agreement and it wasn't hard trying to work out what the idea is.

User avatar
thagrol
Posts: 4656
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Wed Apr 14, 2021 11:53 pm

GlowInTheDark wrote:
Wed Apr 14, 2021 10:11 pm
You (IMHO, intentionally) totally misunderstood hippy's post.
Thanks for the thinly veiled accusation that I'm a troll.

Did I misunderstand hippy's post?. If I did it certainly wasn't intentional. I took the words as written. If hippy meant something else by them that's not really my fault. It's not really your place to make that accusation either.

Would you like a point by point defense of what I wrote?

I'll start with this one:
  • hippy wrote:
    Tue Apr 13, 2021 4:25 pm
    'sudo' so often gets in the way of what the owner has chosen to do it's not hard to see why it gets taken as a "please".
    That's a clear misunderstanding of what the problem is. It isn't sudo that gets in the way, it's the linux security model combined with using a non root login that does.
    Does sudo get taken as please? Undoubtedly. But that's far more likely to be due to users not have received the usual lecture from a sysadmin before being granted sudo rights.

I'll leave it there as I don't want to start or escalate a flame war.
I'm a volunteer. Take me for granted or abuse my support and I will walk away

All advice given is based on my experience. it worked for me, it may not work for you.
Need help? https://github.com/thagrol/Guides

User avatar
thagrol
Posts: 4656
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: "Sudo required"

Thu Apr 15, 2021 12:06 am

Heater wrote:
Wed Apr 14, 2021 11:28 pm
I agree, perhaps those cryptic messages could be avoided by the program checking its privileges and politely saying it cannot continue and suggesting what to do about it.
Unfortunately cryptic error messages seem to be the standard linux approach. Pity that. 50 plus years of unix (and related to/derived from/inspired by OS including linux) and we still have an activly user hostile OS.

But here's the thing: linux is open source. We could all start working on patches for our favourite tools and applications and go through the apropriate acceptance process. But how many of us (including me) actually do so?

Instead we sit around arguing semantics and interprettion on forums most of the relevant developer will never see.

I'll shut up (for) now.
I'm a volunteer. Take me for granted or abuse my support and I will walk away

All advice given is based on my experience. it worked for me, it may not work for you.
Need help? https://github.com/thagrol/Guides

pidd
Posts: 1869
Joined: Fri May 29, 2020 8:29 pm
Location: Wirral, UK
Contact: Website

Re: "Sudo required"

Thu Apr 15, 2021 11:52 am

Error handling and documentation are two aspects that most programmers hate doing., not much can be done to change that especially with volunteers.

User avatar
rpdom
Posts: 18493
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: "Sudo required"

Thu Apr 15, 2021 2:41 pm

apt is just reporting the error it sees.

Why would it say "Oy, say please sunshine, or I won't do this potentially risky thing!".

Not all systems have sudo installed. Some of my older ones don't.

A message saying "Try again, but this time say 'pl... er, sudo' " is even less helpful in that situation.
Unreadable squiggle

GlowInTheDark
Posts: 1596
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Thu Apr 15, 2021 5:10 pm

Your point that not all Unix (-like) systems have the "sudo" mechanism is well taken.

Nevertheless, it would be a good thing if the error message was something more along the lines of "Are you root?" rather than the cryptic and useless "Permission denied". Among other things, think about the possibility that a program such as apt/apt-get/apt-theRestOfTheAPTToolChain performs several sub-tasks as part of its fulfilling a given command (task). It is conceivable that it may have successfully completed steps 1,2, and 3 then hit a snag with step 4 because step 4 requires root privs. Now when it bombs out at step 4, you've got an unclean system, because steps 1 thru 3 have already been done. I doubt most of these tools are conscientious enough to go back and clean up the mess.

Note: I am not saying that the above actually happens (I have no examples of it), but it is possible. It would be much better if the tool would verify on startup, before doing anything, that it is running as root, and generate an error message that says specifically that. I know that whenever I get a weird error abort from a system tool, I start to wonder and worry if my system is now corrupted in some way.

Finally, and only tangentially related to the above, note that a really good tool would not bother warning you that you need to use sudo, but would just go ahead and re-start itself under sudo. I am thinking specifically of the example given in the OP, of raspi-config. raspi-config should just go ahead and re-start itself under sudo when it detects that it isn't running as root. Of course, that attempt to re-start itself might fail, in which case, then, and only then, should it issue an error message.
GitD's list of things that are not ready for prime time:
1) IPv6
2) 64 bit OSes
3) USB 3
4) Bluetooth

Loves Linux; loves to dance.

ejolson
Posts: 7035
Joined: Tue Mar 18, 2014 11:47 am

Re: "Sudo required"

Thu Apr 15, 2021 5:23 pm

hippy wrote:
Tue Apr 13, 2021 4:25 pm
Perhaps mostly rhetorical but, why do developers who are writing code which requires 'sudo' to function, and they know that, so often do not check if 'sudo' has been specified, or superuser privileges are held, and report a useful "You need sudo to run this program" but more often than not let the program just run and crash or fail in some way or trap it not working and merely report "that did not work' ?

Code: Select all

pi@Pi3B:~ $ raspi-config
Script must be run as root. Try 'sudo raspi-config'
But so much doesn't, and that includes other code from Raspberry Pi.
The most astonishing example of sudo on the Raspberry Pi I've discovered is when launching that graphical programming environment with the famous orange cat.

viewtopic.php?p=1782488#p1782488

Apparently sudo is being used behind the scenes to configure GPIO, just in case the orange cat wants to blink an LED.

My impression is that it's even worse for a startup script to run sudo for you than fail with a mysterious message.

GlowInTheDark
Posts: 1596
Joined: Sat Nov 09, 2019 12:14 pm

Re: "Sudo required"

Thu Apr 15, 2021 5:36 pm

Apparently sudo is being used behind the scenes to configure GPIO, just in case the orange cat wants to blink an LED.
That's very cute. I see that you were able to detect what Scratch was doing by the fact that you've disabled "passwordless" sudo on your system. I suppose that anyone else might have detected it by looking in /var/log/syslog where it logs every call to sudo. I try to minimize the number of "sudos" that I do, as a matter of general practice, just so that I don't clutter up the logs with it; i.e., so that I have some chance of being able to look in the log and see which sudos belong there and which ones are suspicious.

Another commonly used program that does sudos under the covers is rpiclone (the so-called "SD card copier" utility in the graphical menus.

In general, I think the implementors assume that you keep the passwordless sudo, and pretty much consider it your lookout (i.e, all bets off) if you disable it.
GitD's list of things that are not ready for prime time:
1) IPv6
2) 64 bit OSes
3) USB 3
4) Bluetooth

Loves Linux; loves to dance.

Return to “Off topic discussion”