Your RONIN Superpower: The sudo Command

Everyone who creates a machine or a cluster in RONIN has a superpower: the ability to become somebody else. Another user on that computer, that is, including the supreme superuser who has permissions to do anything, whose name is "root".

Users on a Linux system have unique user names that identify them from other users. The user name is usually reflected in the path of their home directories, and shows up in many Linux commands to identify who is running a process or who has access to files. You can check what your current username is at any time using the whoami command.

While most users have rather limited permissions to access their own files and run applications, root is a user who has the ability to do practically anything, including installing systems software and granting and revoking permissions for other users. Similar to a user with administrator privileges on a standard PC.

Because the root user has such power, in most Linux installations root has no password, and instead regular users become root temporarily by running the program sudo. For example, the utility wget is useful for scripting the download of web files. To be able to install this utility on the system, you need root level privileges. Hence, as a regular user, you need to use the sudo command to install the program on your machine as follows:

sudo apt install wget

This command will ask for your password, check that you have permissions to run sudo (which you are automatically granted when creating machines using RONIN), and execute the installation command as root. Behind the scenes, it will log the commands you have executed.

Now notice that if you quickly run another command using sudo, you won't be asked for your password. The command will remember your password for a default timeout period of some minutes.

Why do I care?

When you create a computer on the cloud, you are typically the only user, and your username is probably something nondistinct like "ubuntu", "centos" or "ec2-user" rather than "gandolf", "wallaby" or "fred". However, you will probably need to run some system-level commands to install software on your computer, as described above. The best way to do this is to elevate your privileges by prefixing the commands that should be run as root by using sudo in front of the command. If your only experience with Linux is using a system that was shared among multiple users, you may never have learned how to control the sudo power. It may be tempting to abuse this power, running sudo /bin/bash or sudo su, to become root within a terminal shell and never looking back. Alas, with great power comes great responsibility, and I am here to lecture you about this.

A good rule of thumb is to try a command without sudo, and if it works and does what is expected, just do that. There are two reasons to take this strategy. First, you can accidentally do a lot of damage running a command with sudo if your attention lapses. Although it's much faster and easier to restore and replace a cloud computer than a physical computer, it's still even easier to type rm -r * in the wrong directory and lose everything you didn't save. Second, the files that you create while masquerading as root will be owned by root, and will probably have permissions that protect them from your non-root self. This can cause errors when trying to read files, write files, and delete files when you change back. If you are not a Linux permissions expert — and who among us really is — this is not a good place to be. You might be tempted to fix this by sudo'ing to root and staying there, and then risk accidentally doing a lot of damage.

Why not compromise by disabling sudo from asking for your password each time? It's less typing, but it's a way to think twice about your actions until you are very comfortable. And as an important bonus, if you disable you can put the command sudo shutdown at the end of your long-running scripts to shut down the machine when your jobs are done.

Find your username on your RONIN machine by typing:

whoami

Then edit the master file /etc/sudoers as root. This must be done with a special command that makes sure this file doesn't get screwed up, because as you might imagine that could become hard to fix:

sudo visudo

Now add the following line to the end of this file, replacing "ubuntu" with your username if your username is something different (e.g. "ec2-user"):

ubuntu ALL=(ALL) NOPASSWD:ALL

Done! No more pesky password prompts.

Cheat sheet

What kind of commands should be run as root? Some common examples are below.

  • Commands that control the system, such as reboot or shutdown must be run as root.
  • Commands to install or remove software in system directories (in contrast to your home directory), such as apt or pip.
  • Commands to access protected system files, such as system logs
  • Commands to kill processes that you do not own (be careful!)
  • Commands to create and remove users

Summary

Learning when and how to use sudo helps minimize the chance of accidentally breaking your cloud machine and creating permissions errors that can be difficult to fix. It is also important for working in environments where you can want to put your new Linux system administration skills to use, but share a machine or cluster with other distinct users at the same time.


Now go forth and sudo responsibly!