When is sudo needed?

1 minute read

Several common issues with end user Linux computers come from programs needlessly installed with sudo. Besides the cybersecurity benefits from avoiding sudo use, it can actually goof up install of programs, putting parts of themselves under /root or making them readable only by root etc. From those results prima facie one could wonder about the wisdom of using sudo with the installer script!

In general we write procedures without mentioning sudo, to avoid end-users carelessly invoking sudo. For almost all installs, sudo is used with apt install or yum install and other commands installing from repositories. Yes, it is possible to install into a chroot or apt source <myprogram> (if source repositories are enabled) and then build the program. But most users don’t bother with that.

Configure builds to install locally

Wherever practicable, we tell generators like CMake and Autoconf to install under ~/.local/ as in these examples. Many Linux distros including Ubuntu are preconfigured to use a hierarchy like ~/.local/bin, ~/.local/lib and so on.

CMake

Within CMakeLists.txt and using CMake ≥ 3.7:

if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
  if(UNIX)
    set(CMAKE_INSTALL_PREFIX "~/.local/bin" CACHE PATH "..." FORCE)
  endif()
endif()

Python

Even when using system Python /usr/bin/python it is often preferred to use the PEP 370 --user option like:

pip install --user matplotlib

which installs Python modules under ~/.local. There are some edge cases such as where using GTK3 that using system Python libraries can be useful, such as python-gi with Beamer.

Big messes are often made when installing with sudo pip – don’t do that in general. Also, when installing Python environments (e.g. Miniconda), which is typically recommended instead of using system Python, don’t use sudo either.

Autoconf

Most packages that use Autoconf will respect the prefix= option to specify the top-level install location, like:

./configure --prefix=~/.local

Categories:

Updated:

Leave a Comment