Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
policies:sudoers [2023/02/21 16:15] hans |
policies:sudoers [2024/07/15 09:26] (current) hans [Sudoer Mess BoilerplatesTemplate] |
||
|---|---|---|---|
| Line 91: | Line 91: | ||
| ===== Sudo Alternatives ===== | ===== Sudo Alternatives ===== | ||
| + | ==== Using Code in Openlab ==== | ||
| + | We've seen a lot of students trying to install code. This isn't going to work because sudo, but also because the X Server isn't near fast enough. | ||
| + | |||
| + | Alternative 1: Use [[https://wiki.ics.uci.edu/doku.php/virtual_environments:jupyterhub|Jupyterhub@ICS]]: https://hub.ics.uci.edu | ||
| + | |||
| + | Alternative 2: Run VSCode locally but run programs on Openlab using "[[https://code.visualstudio.com/docs/remote/ssh|Visual Studio Code Remote - SSH]]". | ||
| + | |||
| + | Alternative 3: [[https://wiki.ics.uci.edu/doku.php/accounts:mapping_network_drive|Map your network drive]] and run code locally on your computer. | ||
| ==== Package (yum/apt) installation ==== | ==== Package (yum/apt) installation ==== | ||
| Line 143: | Line 151: | ||
| Most python and anaconda packages do not require root privilege to install. See the following URL for instructions on installing Python libraries, including how to upgrade pip: | Most python and anaconda packages do not require root privilege to install. See the following URL for instructions on installing Python libraries, including how to upgrade pip: | ||
| - | See [[https://wiki.ics.uci.edu/doku.php/software:personal_library#python3]] | + | See [[https://wiki.ics.uci.edu/doku.php/software:python]] |
| Line 149: | Line 157: | ||
| The MySQL and PostgreSL servers run on unprivileged ports and it is best practice to run these as a non-root user. Please see this page for running [[[[services:database:mysql:unprivileged-users|MySQL as an unprivileged user]]. Please request a [[accounts:gsu|group account]] from helpdesk@ics.uci.edu if your team would like to share ownership of a MySQL server. | The MySQL and PostgreSL servers run on unprivileged ports and it is best practice to run these as a non-root user. Please see this page for running [[[[services:database:mysql:unprivileged-users|MySQL as an unprivileged user]]. Please request a [[accounts:gsu|group account]] from helpdesk@ics.uci.edu if your team would like to share ownership of a MySQL server. | ||
| + | |||
| + | === NodeJS === | ||
| + | |||
| + | See [[https://wiki.ics.uci.edu/doku.php/software:nodejs]] | ||
| ==== Compiling Software from Source ==== | ==== Compiling Software from Source ==== | ||
| Line 213: | Line 225: | ||
| === General=== | === General=== | ||
| + | <code> | ||
| Our system reported that you ran the sudo command recently. I going to take this opportunity to share this wiki page that describes our sudoers policy, reasoning, and potential alternatives: | Our system reported that you ran the sudo command recently. I going to take this opportunity to share this wiki page that describes our sudoers policy, reasoning, and potential alternatives: | ||
| Line 218: | Line 231: | ||
| This page doesn't require you to login but links from this page may require ICS credentials to login. | This page doesn't require you to login but links from this page may require ICS credentials to login. | ||
| + | </code> | ||
| === Unnecessary Sudo Invocations === | === Unnecessary Sudo Invocations === | ||
| Line 270: | Line 283: | ||
| /pkg/go/1.15.6/bin/go | /pkg/go/1.15.6/bin/go | ||
| + | === Disk Usage === | ||
| + | |||
| + | Hello <Name>, | ||
| + | |||
| + | We recorded the recent sudo activity on your account on <DATE>: | ||
| + | |||
| + | The command recorded was "sudo /bin/du -h". Were you trying to get dis usage on the host? Were you just trying to look at your home directory but made a mistake? Please let us know what you were trying to do and maybe I could help. | ||
| + | |||
| + | Thank you and have a great day, | ||
| + | |||
| + | === Shell and service invocations === | ||
| + | |||
| + | Our system reported that you ran the sudo command recently. I'm going to take this opportunity to share this wiki page that describes our sudoers policy, reasoning, and potential alternatives: | ||
| + | |||
| + | [[https://wiki.ics.uci.edu/doku.php/policies:sudoers]] | ||
| + | |||
| + | This page doesn't require you to login but links from this page may require ICS credentials to login. | ||
| + | |||
| + | Some of the key points: | ||
| + | * Services on unprivileged ports (above 1024) should not run with sudo | ||
| + | * Sudo shell invocations are usuaully unecessary, we can find alternatives. | ||
| + | * Software not available via package managers may be installed in user space. | ||
| + | |||
| + | Please let us know if there is a specific challenge that caused you to use sudo and we can help figure out an alternative way to accomplish the same thing. | ||
| + | |||
| + | ===== Troubleshooting ===== | ||
| + | |||
| + | === Q. sudo: error initializing audit plugin sudoers_audit === | ||
| + | |||
| + | **Symptoms:** Sudo runs fine as root user but produces this error when run as a non-root user. | ||
| + | |||
| + | <code> | ||
| + | sudo: error initializing audit plugin sudoers_audit | ||
| + | </code> | ||
| + | |||
| + | **Cause:** User does not exist | ||
