Why do all the sudo? [was Re: Software updater no longer functional]

Joel Rees joel.rees at gmail.com
Mon Jan 23 18:22:53 UTC 2017 

Sigh. I don't know whether I should just go outside and scream or
bother to do this.

On Sun, Jan 22, 2017 at 9:37 PM, Chris Green <cl at isbd.net> wrote:
> This is a classic case where I wonder why not change:-

This looks like it has been clipped from instructions to a someone not
familiar with apt commands and, in fact, barely familiar with the
command line.

>> Next steps:
>>
>> sudo apt-get install -f
>>
>>  -- fixes any package errors
>>
>> NOTE THEM DOWN if it doesn't work & tell us

And while the recipient of the advice is doing this, he/she is not root.

>> sudo apt-get clean
>>
>>  -- empty the package cache

And if the user decides to issue a

   df -h

along with some other commands to check how much cache got freed and
starts poking around.

And maybe the user receiving the advice notices, for some reason, an
odd file with the executable permissions set, sitting on her/his
desktop and decides to run it to see what it does before she forgets
it's there. Dangerous, but less so if he or she is not authorized at
root level.

>> sudo apt-get autoremove -y
>>
>>  -- remove obsoleted packages & ones nothing else use

Again, the user is not root. If she or he does something untoward
while in there, no big deal.

>> sudo touch /forcefsck

And what if the user, up late because late is the only time free,
drifts off and his/her hand falls on the tab key at an inopportune
moment and touches something else in the root file system?

>> sudo shutdown -r now

> to:-
>
>>
>> Next steps:
>>
>> sudo -i
>> apt-get install -f
>>
>>  -- fixes any package errors
>>
>> NOTE THEM DOWN if it doesn't work & tell us

Yes. By all means consider the things not in the list of instructions
that the user will have to perform to actually follow the
instructions.

>> apt-get clean
>>
>>  -- empty the package cache
>>
>> apt-get autoremove -y
>>
>>  -- remove obsoleted packages & ones nothing else use
>>
>> touch /forcefsck
>> shutdown -r now
>>
>
> It saves typing!  :-)

There are safer ways to save typing. You learn them by learning how to
use sudo correctly.

Realize, also, that the automated GUI tools someone mentions elsewhere
properly drop permissions between root-authorized system calls, if
they are designed correctly. Failing to do so pretty easily results in
race conditions that can be exploited.

> This is by no means the worst case, you often see great streams of
> 'sudo this' and 'sudo that' in descriptions of how to do things.
>
> --
> Chris Green
>



-- 
Joel Rees

I'm imagining I'm a novelist:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

More information about the ubuntu-users mailing list