The Unified Linux Environment is a collection of several hundred workstations and servers managed by the School of Informatics, Computing, and Engineering. These systems use a central management system that make it difficult to give individual users sudo/root permissions. However, in the vast majority of cases users can do what they need without having to have sudo permissions. This page outlines the reasons giving out sudo permissions is not usually done followed by a number of common tasks that can be easily done without needing sudo.
Reasons Giving Sudo Permissions Is Problematic
- Central Management -We use a central management system that keeps much of the system under automatic configuration control. There are a number of things you may want to do using sudo permissions that would conflict with this central management. In many cases, a change that would be made locally via sudo would get overwritten nightly by our central management system which is sure to cause problems and confusion.
- Yum vs Apt - Many users are familiar with installing packages using the Ubuntu/Debian apt system. The unified linux systems are running Red Hat Enterprise Linux (RHEL) which doesn't use the apt system so installing packages is very different. Furthermore, the stock set up packages available in RHEL is much more limited so installing packages becomes much more complex and time consuming for someone not familiar with our local package management techniques.
- Central Package Installation - We have a system in place where we can install a package one time and have it automatically be available on all the unified linux systems. This is a much more efficient way to manage software in a large environment like we have. In fact, the software you need may already be available and you just don't know how to access it. See the following section for more details.
- IT Policy - The IU and SICE computing policies, as well as industry best practice, dictate a policy of least privilege. What that means is that systems should be operated with the least privilege level needed to accomplish a task. So, giving full root access to accomplish one task requiring root access is not recommended. While in most cases no root permissions are needed, there are those times when a specific task does require root access and we can give the needed permission on a more limite basis. For example, if you needed to manage web services on a server, then we can give limited sudo permissions to modify the web config and restart web services without giving full sudo permissions.
Ways You Can Do Things Without Needing Sudo
There are a number of tasks where you may think you need sudo permissions but that is not needed in our environment. Here are some examples
- Access Additional Installed Software - We have a large library of software installed and available on the unified linux systems. Please see the KB page How do I get new or updated software installed on the unified Linux systems? for information about how to access that software.
- Use a Newer Version of an Existing Software Package - The software model on the RHEL systems is to keep the RHEL-supplied versions of packages as the default but to make newer versions available. For example, the current RHEL default python version is 2.7 but we have a number of newer versions with lots of additional modules installed and available via Environment Modules. See the KB page How do I get new or updated software installed on the unified Linux systems? for information about how to access newer versions of software.
- Install Python Modules - There are various ways to install python modules, including installing them into your own space which does not require sudo permissions. Please see the KB page Installing Python Modules In Linux for more information on installing python modules.
Install New Software Packages - In cases where the software you need is not available using the standard mechanisms, it is frequently possible to install software for your own use without having to use sudo. For example, software packages that use configure are commonly installed with:
However, you can easily build and install that into an alternative location with something like:
Other package installation systems have different mechanisms for installing to an alternate location but, in most cases, this is possible. For example, with cmake you can run something like:
- Running Web/Database/Etc Services - In some cases, a request for sudo is so that you can run network services like web and database servers. In many such cases, you can use the UITS or SICE-supplied services. For example, you have a wealth of database options as well as Web Hosting Options you can use. In cases where you want to run some other network service it is likely you can do that on our server without needing root access as described in the KB page Can I run my own web, database, or other server on the unified linux systems?.
What If You Really Do Need Sudo Permissions
Given all of this, it is certainly possible that you may need sudo permissions for very legitimate reasons. In such cases, we will work with you to give you the required permissions in a way that is consistent with our administrative model and IU and SICE policy. The procedure for this is to fill out the Administrative Permissions Request Form per IT Policy: Administrator Access and Self-Managed Systems.