Who decides what needs sudo?

Hello,

I have been using some applications in linux and i have not seen any pattern as to which ones require sudo. I imagine it must relate to what kind of resources are necessary to run it but I am not sure or some decides it may be dangerous. If someone could help me understand how this is decided it would be great.

Thanks,

leapingfrog

Basically, you should never use sudo unless you need to run something as root or a different user. In fact, using sudo when you don’t need to can cause problems. In addition to the obvious security concerns, it can leave apps broken due to permission issues. Lastly, you should avoid running any GUI-based apps with sudo. Most graphical applications are not safe to run as root and doing so can/will have side effects that go beyond the security issues.

Unfortunately, there are not going to be any hard and fast rules for when you should use sudo. Honestly, other than system maintenance tasks, it shouldn’t be all that common that you need to use it. If you are ever in doubt, just ask.

4 Likes

If you are trying to modify a file not owned by your user, you need sudo (it’s an oversimplification). Whatever is in your home directory is owned by you, and you can do whatever you want with them. Outside that directory you would need sudo to edit most files. You can see it as a safety measure.

Practically speaking, you don’t need sudo in day to day usage.

When I install a Linux Mint for someone else, I don’t even tell them that something like sudo exists. Apart from system updates, I don’t see sudo being used by most users. And in Mint there is gui package manager so no need to learn sudo.

In arch/arch-based distro, there are pacnew files to deal with, and that requires sudo. If you are a tinkerer, you will see yourself using sudo often.

1 Like

I mean more with regards to the developers or creators of these tools. How did they decide that for x application sudo should be used? For example in pacman what can be used without sudo is pacman -Ss <seach term> but pacman -Syu cant.

In most cases, the developers don’t decide. The choice is usually left to the user.

In the specific case of pacman, it is because doing a search doesn’t require changing any system files. However, updating your system does. In this case, it asks for elevated privileges so it update the pacman database and your system.

You need elevated privileges (obtained with sudo) when you want to

  1. read a file that your user does not have the permission to read,
  2. write to a file that your user does not have the permission to write to, or
  3. execute a file that your user does not have the permission to execute.

That’s it.

In practice, it usually means changing files outside your user’s home directory, which are typically owned by the root user and other users are not given permissions to modify, for security and system stability reasons. Often, however, you want to modify those files, either directly (for example, when changing some setting pertaining to the entire system), or indirectly, for example when updating software, and that’s when sudo becomes quite useful.

As a general rule, everything that you can accomplish without sudo you should do without sudo. If in doubt, try it without sudo first and if it works, it would have been a mistake to use sudo. Another general rule, already mentioned, is to never run GUI applications with sudo.

And of course, when you type the command sudo, that’s five additional key-presses of time for you to think about what you’re doing. Use that time and be aware of what you’re doing, think of it as a reminder to pay attention. :slight_smile:

2 Likes