- To specific commands or programs.
- To the entire system.
When sudo rights are granted without restriction to specific commands or applications the following risks apply:
- The sudo superuser has access to all processes, users, and files on the system. This means:
- A sudo user can 'switch into' another user account without the password.
- A sudo user can read other users files.
- Besides privacy concerns, faculty should be aware of FERPA and other class privacy concerns when storing academic information on their system and permitting sudo permission to their students or group members.
- A sudo user can control any process on the system, possibly making the system unstable or unusable.
- A sudo user can do the administrative tasks listed above outside Engineering IT's managed environment.
- These changes won't be recorded by our managed environment.
- These changes could conflict with our managed environment and break some immediate or future functionality.
- These changes could cause backups to fail and cause possible data loss.
Conditions for requesting user administrative access
The following information is required to request administrative access (sudo) permissions on Engineering IT managed Linux systems:
- The faculty member / PI / authorized user-decider for those systems agrees to it.
- The user acknowledges reading this page and accepts the risks and responsibility to preserve the system's functionality and data.
Requests for sudo permissions can be sent to engrit-help@illinois.edu and should include:
- Your name and university netid.
- The systems (hostnames) you are requesting sudo permission on.
- A message from the faculty member granting permission, or contact information for the faculty member who can authorize sudo permissions.
Assuming the appropriate approvals are in place, sudo requests are usually processed within one business day.