Introduction
Sudo is SuperUser DO and is used to access restricted files and operations. By default, Linux restricts access to certain system parts, preventing sensitive files from being compromised.
The sudo command temporarily elevates privileges allowing users to complete sensitive tasks without logging in as the root user. In this tutorial, learn how to use the sudo command in Linux with examples.
Prerequisites
- A system running Linux
- Access to a command line/terminal window (Activities > Search > Terminal)
- A user account with
sudoorrootprivileges
How to use the sudo Command
sudo was developed as a way to temporarily grant a user administrative rights. To make it work, use sudo before a restricted command. The system will prompt for your password. Once provided, the system runs the command.
Syntax
To start using sudo, use the following syntax:
sudo [command]When the sudo command is used, and a timestamp is entered in the system logs. The user can run commands with elevated privileges for a short time (default 15 minutes). If a non-sudo user tries to use the sudo command, it is logged as a security event.
Options
sudo can be used with additional options:
-h– help; displays syntax and command options-V– version; displays the current version of the sudo application-v– validate; refresh the time limit on sudo without running a command-l– list; lists the user’s privileges or checks a specific command-k– kill; end the current sudo privileges
Additional options can be found under the -h option.
Note: Staying logged in as an administrator compromises security. In the past, admins would use su (substitute user) to temporarily switch to an administrator account. However, the su command requires a second user account and password, which isn’t always feasible.
Granting sudo Privileges
A user must be in the sudo, sudoers, or wheel group for most modern Linux distributions to use the command. By default, a single-user system grants sudo privileges to its user. A system or server with multiple user accounts may exclude some users from sudo privileges.
We recommend only granting privileges necessary for the user to perform daily tasks.
The following sections explain how to add a user to the sudoers group.
RedHat and CentOS
In Redhat/CentOS, the wheel group controls sudo users. Add a user to the wheel group with the following command:
usermod -aG wheel [username]Replace [username] with an actual username. You may need to log in as an administrator or use the su command.
Debian and Ubuntu
In Debian/Ubuntu, the sudo group controls sudo users. Add a user to the sudo group with the following command:
usermod -aG sudo [username]Replace [username] with an actual username. You may need to log in as an administrator or use the su command.
Using visudo and the sudoers Group
In some modern versions of Linux, users are added to the sudoers file to grant privileges. This is done using the visudo command.
1. Use the visudo command to edit the configuration file:
sudo visudo2. This will open /etc/sudoers for editing. To add a user and grant full sudo privileges, add the following line:
[username] ALL=(ALL:ALL) ALL
3. Save and exit the file.
Here’s a breakdown of the granted sudo privileges:
[username] [any-hostname]=([run-as-username]:[run-as-groupname]) [commands-allowed]Note: It’s easier to add a user to the sudo or wheel group to grant sudo privileges. If you need to edit the configuration file, only do so using visudo. The visudo application prevents glitches, bugs, and misconfigurations that could break your operating system.
Examples of sudo in Linux
Basic Sudo Usage
1. Open a terminal window, and try the following command:
apt-get update2. You should see an error message. You do not have the necessary permissions to run the command.
3. Try the same command with sudo:
sudo apt-get update4. Type your password when prompted. The system executes the command and updates the repositories.
Run Command as a Different User
1. To run a command as a different user, in the terminal, enter the following command:
whoami2. The system should display your username. Next, run the following command:
sudo -u [different_username] whoami3. Enter the password for [different_username], and the whoami command will run and display the different users.
Switch to Root User
This command switches your command prompt to the BASH shell as a root user:
sudo bashYour command line should change to:
root@hostname:/home/[username]The hostname the value will be the network name of this system. The username will be the current logged-in username.
Execute Previous Commands with sudo
The Linux command line keeps a record of previously executed commands. These records can be accessed by pressing the up arrow. To repeat the last command with elevated privileges, use:
sudo !!This also works with older commands. Specify the historical number as follows:
sudo !6This example repeats the 6th entry in history with the sudo command.
To learn how to efficiently use the history command, check out our article on the sudo history command with examples.
Run Multiple Commands in One Line
String multiple commands together, separated by a semicolon:
sudo ls; whoami; hostname
Add a String of Text to an Existing File
Adding a string of text to a file is often used to add the name of a software repository to the source’s file without opening the file for editing. Use the following syntax with echo, sudo and tee command:
echo ‘string-of-text’ | sudo tee -a [path_to_file]For example:
echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \ | sudo tee /etc/apt/sources.list.d/nginx.list
Note: This would add the Nginx software repositories to your system.
Conclusion
You should now understand the sudo command and how to use it. Next, learn the difference between the sudo and su commands.
