Wandering Thoughts archives


You should always be able to get a program's version and basic usage

Here is a small little sysadmin request: all programs should be willing to report their version and their usage before either insisting on special privileges or doing anything that might fail, such as checking for config files, probing various things, or whatever. The rule of thumb should be if your program can run at all, it should be able to report this stuff.

(Note that this specifically includes shell scripts, Perl programs, Python programs, and other interpretable things, ideally even if they're being run on the wrong architecture. I admit that this is a bit tricky if your program is mostly Perl or Python but has some compiled extensions.)

None of this information is at all sensitive. Usage and other help text is in the fine manual, and the version of your program is almost certainly available from the system's package management program (which almost never requires privileges to report such information). So why don't I just do this? Because it's a lot faster to type 'cmd --help' and 'cmd --version' than it is to skim enough of the manpage or run package manager commands. And it is both irritating and dangerous to have to su to root just to find out the version of a command.

(Plus, often the usage message is much shorter and easier to skim than the manual page. As an extreme example, consider 'rsync --help' versus 'man rsync'.)

Maximum irritation points are awarded if your program merely checks to see if it's being run as root so it can helpfully tell me that I have to be root to run it; then you don't even have the excuse of avoiding potential security issues.

Sidebar: a real example

If you are not a sysadmin, you might innocently think that no one will ever be silly enough to do this. Let me introduce you to the Solaris 10 iscsiadm command:

$ iscsiadm -V
permission denied
$ ls -l iscsiadm
-r-xr-xr-x [...] iscsiadm

(Bonus points are awarded for a misleading, unhelpful error message.)

I don't want to specifically pick on Solaris here, because I've seen this many times on many different systems (and I've probably done it myself at some point, by the simple means of having a program that tried to load a configuration file before it did much command line argument processing).

sysadmin/HelpIsUnprivileged written at 02:39:50; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.