54

is there any difference between running an intensive task over sudo with the following commands?:

  1. nice sudo [intensive command here]
  2. sudo nice [intensive command here]

BTW this is for Linux 3.x.

Nicolas Laplante
  • 651
  • 5
  • 5
  • 6
    To help you test see `nice bash -c 'ps -p $$ -o pid,ni,comm'`, and `sudo nice bash -c 'ps -p $$ -o pid,ni,comm'`, and `nice sudo bash -c 'ps -p $$ -o pid,ni,comm'`. All three should show you the nice value for the process id ($$) of the spawned shell. – Zoredache Sep 05 '14 at 16:50
  • @Zoredache, while I think that your comment is VERY constructive, we should say that they will all have the same nice value because it gets inherited when forking, which should be the actual answer to the question. – Florin Asăvoaie Sep 05 '14 at 16:54
  • 3
    @FlorinAsavoaie if you think that should be the answer, then please feel free to add it. I added my the above comment as a way to test things, because I personally wasn't 100% confident what would happen, and I decided to find a command that could show the nice value with various invocations. I am in the camp that tends to prefer to actually have a test that shows things are operating they way they are supposed to. – Zoredache Sep 05 '14 at 16:58
  • @FlorinAsavoaie I would have thought so too, but look at http://serverfault.com/a/626576/117546. – emory Sep 06 '14 at 16:52

4 Answers4

104

There's a difference, a crucial one.

If you want to decrease the process' priority, the order does not matter. On the other hand, if you want to increase it, you must put sudo before nice.

Since you are running the command as a normal user (otherwise you would not bother with sudo at all), you can only decrease the priority of your command. But if you use sudo first, you can increase it if you want.

Community
  • 1
ThoriumBR
  • 5,272
  • 2
  • 23
  • 34
16

If you run nice sudo then the prompt for your password will also be niced, but since you'll spend far more time typing it, it really doesn't matter much.

As ThoriumBR noted, if you are lowering the priority, then the order is irrelevant, but if you want to raise the priority, then (since this must be done as root) you must use sudo nice.

Otherwise I can't imagine any real difference.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
2

Using the 'principle of least privilege' you should only run a program with root privileges if it needs them, and then drop them again as soon as you don't need them anymore.

So yes, there is a difference, if there is an exploit for nice, an attacker could run code with the same privileges as the nice program.

Also, sudo resets your environment, so it migh thave side effects, try

$ echo 'echo $PATH' | sh
/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/jens/.local/bin:/home/jens/bin:/home/jens/.local/bin
$ echo 'echo $PATH' | sudo sh
[sudo] password for jens: 
/sbin:/bin:/usr/sbin:/usr/bin

So the 'nice' command you run via sudo might actually end up being a different binary.

$ which ash
~/.local/bin/ash
$ sudo which ash
[sudo] password for jens: 
which: no ash in (/sbin:/bin:/usr/sbin:/usr/bin)
Jens Timmerman
  • 866
  • 4
  • 10
2

Late answer:

If your sudo access is limited to certain programs (foo and bar, for example), then you won't have authority to run sudo nice foo, but will be allowed to run nice sudo foo.

Chris Dennis
  • 121
  • 1