Log of sudo commands

I recently discovered that a user on a server had accidentally killed my program. Many users, including me, on this server have sudo permissions. So, I guess the kill was carried out by using sudo. How to find out who is the killer?

Thankfully, all actions taken under sudo are logged in the /var/log/auth.log file. You will find entries of this form:

Sep 26 08:31:26 foobar-machine sudo:   joe : TTY=pts/1 ; PWD=/home/joe/scripts ; USER=root ; COMMAND=/usr/sbin/openvpn --daemon --config foobar.ovpn
Sep 26 08:31:26 foobar-machine sudo: pam_unix(sudo:session): session opened for user root by joe(uid=0)
Sep 26 08:31:27 foobar-machine sudo: pam_unix(sudo:session): session closed for user root

You can see that all pertinent information is available in the log: who ran the command, what command and when.

Tried with: Ubuntu 16.04

PATH environment variable in sudo

Using sudo is a common, safe and recommended method to execute commands that require superuser privileges. However, this command resets the PATH environment variable. So, some badly written installation scripts that require a particular PATH will fail in strange ways when run as sudo.

Here is some useful information about sudo and the PATH environment variable:

  • To ensure safety, sudo by default does not use the PATH environment variable of the user or that of root.

  • sudo also ignores the system-wide environment variables set in /etc/environment or in /etc/profile.d/*.sh.

  • The PATH variable for sudo is hardcoded to /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games

  • If you really want sudo to pick up the system-wide PATH or other environment variables, then try this:

    1. Set the PATH or environment variable in a new file named /etc/profile.d/name_anything.sh using export
    2. Start root shell using sudo su -
    3. Check if your path is correct: echo $PATH
    4. Run the command that requires superuser privilege.
  • Reference:

Tried with: Ubuntu 14.04

Pip install error with PyCUDA

Problem

  • I tried to install PyCUDA using pip:
$ sudo pip install pycuda
  • The installation tries to compile a few C++ files and it failed on the very first file with this error:
In file included from src/cpp/cuda.cpp:1:0:
src/cpp/cuda.hpp:14:18: fatal error: cuda.h: No such file or directory
#include <cuda.h>
                ^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1

Investigation

  • This error was strange because I had set CUDA_ROOT and had added the bin path of CUDA installation to PATH environment variable. So, the installer should have found cuda.h which I could see was present in $CUDA_ROOT/include

  • To see what was happening, I tried the same command with verbosity:

$ sudo pip -vvv install pycuda
  • Now I could see that it was failing to find nvcc.

  • On downloading the source code of PyCUDA and checking setup.py, I saw that the check for nvcc was used to figure out the CUDA_ROOT and CUDA_INC_DIR.

  • The reason nvcc was not visible was that CUDA_ROOT was set for my user, but this PATH is not visible when a command is run under sudo, as described here. The solution was to make the CUDA bin path visible to sudo.

Solution

To make the $CUDA_ROOT/bin available in PATH for sudo, we can follow the steps described here. For example, on my system with CUDA 7.0 I followed these steps:

  • Created a new file /etc/profile.d/cuda.sh and added this line:
export PATH=/usr/local/cuda-7.0/bin:$PATH
  • Opened root shell without resetting PATH and ran the pip installation:
$ sudo su -
$ pip install pycuda

This worked and PyCUDA was installed successfully! 🙂

Tried with: PyCUDA 2015.1.2, CUDA 7.0 and Ubuntu 14.04

sudoedit

When I need to edit files with superuser privileges, like those in etc directory, I used to do:

$ sudo vim /etc/hosts

This launches the editor with root privileges.

I recently learnt that there is a safer and more elegant way do this: using sudoedit. This makes a temporary copy of the file you want to edit in /tmp and opens it in your favorite editor with normal user privileges. After you save the file, the original file is replaced with the updated copy.

To do this:

$ sudoedit /etc/hosts

Or equivalently:

$ sudo -e /etc/hosts

Tried with: Ubuntu 14.04

How to use sudo

  • To give sudo permissions to a user, say joe, add the user to the sudo group:
$ sudo adduser joe sudo
  • To run a command as superuser:
$ sudo some_command

The superuser privileges last at this shell session for about 15 minutes. Any other superuser commands you execute within this time at this shell session will not require you to enter the password.

  • To run a command as another user, say joe:
$ sudo -u joe some_command
  • If you want to execute many commands or need a shell with superuser:
$ sudo -s
  • To have all your environment variables when you execute sudo:
$ sudo -E some_command
  • To list of commands allowed for you:
$ sudo -l
  • To list the commands allowed for another user, say joe:
$ sudo -l -U joe

Tried with: Ubuntu 18.04