sudo is a command that you often type quite regularly on the Raspberry Pi when doing administration tasks – do you know what it means? Do you know why it is called sudo? Do you know what the “Principle of least privilege” is, and what is “temporary elevation”? But most importantly, do the kids know the answers to these questions – they need to!
Before we talk about sudo and the Raspberry Pi, first we need to look a little bit at operating systems and the way that they implement access rights and privileges.
There is some variance here between Windows and linux/unix (Mac uses a form of unix), but we should really start from the concepts and drill into the detail, so we’ll start there…
What is Computer Science?
One thing about computing in schools at the moment is that a new curriculum is being rolled out with an emphasis on Computer Science. It’s important to not just use the words, but to understand what Computer Science is and how to integrate it into the curriculum too.
Computer Science, as defined on wikipedia is the “specialism of the theory of computation and the design of computing systems”. I’m sure there are many other definitions and many late night arguments that take place about what it really is, but that’s good enough for our discussion here.
Science provides a discipline and understanding, that can be applied to great means in many different contexts. That’s why it is so important to teach Computer Science in schools – it teaches kids how to think. It gives us ways to talk about and reason about computers, and solve problems at a higher level.
As fads and fashions come and go, Computer Science stays relatively constant, and things you learn are equally applicable now and in 40 years time. Computer Science principles that I learnt as a teenager are still a cornerstone of my daily understanding today, over 30 years later, and people older than me (especially those with long white beards) also confirm the enduring nature of Computer Science.
Privileges and access rights
Computer systems that are shared between multiple users need a way of ensuring that users only have access to the files and other resources they need access to. Two main reasons for this are:
- To stop malicious and unauthorised access to resources
- To stop accidental and damaging access to resources
Thus, when you run a program on any modern computer (and most old computers too), you run as a defined “user account”. This user account has a name, and a set of privileges. The operating system checks before you access a resource that you have the necessary access rights to do that, and rejects your request if you are not allowed. So, as the first level of protection, each user has different access rights.
This is enough for now for our discussion of sudo – knowledge of the fact that users log in with a user name and password, and each different user name has different access rights, is enough to explain the purpose of sudo. We’ll look another time at the specific detail of individual access rights.
Real Userid and Effective Userid
Unix/Linux in particular implements real and effective user id’s – all this means is that you log in as one user, but you can temporarily change your user id to another one in order to access special resources. This is called “elevation” – you elevate your access privileges to do some task, then you lower them again when finished.
If you are a windows user, you may have sometimes seen the message “operation not allowed without elevation” and wondered what it means? All it means is you need to run that program as “administrator” (elevated privileges) and it will work.
Elevation is a really useful protection mechanism, and leads onto a great computer science principle: “The principle of least privilege“, which wikipedia defines as “every module must be able to access only the information and resources necessary for it’s legitimate purpose”.
So, on a Raspberry Pi for example, you may already know that there are at least two users by default – the user “pi” that you normally log in as, and the user “root” that is the superuser. With the root user you can do some completely damaging things, such as reboot the system delete all the users, and completely destroy the filing system on your disk. As the user “pi”, you can’t do any of those things, because you don’t have sufficient privileges to the files in the filing system required to do those things.
So, when you install new software or configure your hard disk, or reboot the system, we need a way to “temporarily elevate” our privilege so we can do that. All this does is change your “effective user id” to “root” – you are still really “pi”, you still have all the same settings as “pi”, you are still in the same directory as “pi”, but you temporarily have all the rights of the superuser “root”.
Again, there are many arguments as to what “su” actually stands for, but the WikiPedia page has some suggestions – I always say it stands for “substitute user” – it is a way to temporarily elevate your privileges to that of another user. It saves you logging out and logging in again (very annoying if you have just got all your screens open and navigated to the right directory, and then have to logout and do it all again!)
su without any parameters tries to substitute user to the superuser “root”, although you can substitute user to any user. All this does is to change your effective user id to that of the new user. typing exit will return back to your existing command shell.
Normally you would have to enter the password for the new user to authenticate that you are allowed to use that account, but unix/linux has a file called sudoers usually somewhere in a etc directory, that lists the names of users who can su without entering a password – they are “pre-approved” for temporary elevation.
Very speedy temporary elevation – enter SUDO
Now to the point of this article – sudo really stands for “substitute user and do”. It is a short hand form of su that runs the command provided to it as root (elevated privilege), then automatically returns to your existing user and shell command prompt. It saves all that mucking about with keep typing exit at the end of each su.
So, if you type:
As user “pi”, you don’t have sufficient privilege to edit the interfaces file, so it fails.
If you type:
As user “pi”, you don’t have sufficient privilege to run the reboot command, so it fails.
If you type:
sudo nano /etc/network/interfaces
sudo substitutes user to root (the effective userid is now root), and runs the nano editor as root, you can read and write the file, and when you finish nano, your effective userid returns back to “pi” automatically.
If you type
sudo substitutes user to root (the effective userid is now root), and runs the reboot command (of course, nothing returns from this!)
Don’t learn packages, fashion and fads – learn Computer Science
My message here is clear. Always challenge kids to explain to you exactly what they are doing and why they are doing it. Always challenge them to ask questions as to “why am I typing in that command and what does it do”. Always get kids to learn basic Computer Science principles – they are enduring and will set them up for life. And of course – always ask those questions yourself, because you’ll need to be able to answer them when kids ask you!
Teach Computer Science (not packages)!