
Guide to the sudo Command: Execute Commands with Administrative Privileges

`sudo` (short for substitute user do or superuser do) is a tool that allows a regular user to execute programs with the privileges of another user (usually the root user) in Linux and Unix-like operating systems. This enables management tasks to be performed safely while maintaining system security, making it much safer than performing all tasks directly as the root account. Through this guide, you will learn the basic usage of `sudo` and important security considerations.

Overview of sudo

In a Linux system, the root user has all privileges. However, performing all tasks as root poses the risk of causing catastrophic damage to the system by mistake. `sudo` is an important security mechanism that temporarily grants necessary administrative privileges to regular users, allowing for system management while minimizing security risks.

How sudo Works

When you run a command through `sudo`, it prompts for your own password (not the root password). If the password is correct, `sudo` executes the command with the privileges of root or another user, according to the rules defined in the `sudoers` file. Once authenticated, users can use `sudo` without re-entering their password for a limited time (default 5 minutes).

Main Roles of sudo

  • **Enhanced Security**: Reduces security risks by preventing unnecessary logins as the root account.
  • **Accountability Tracking**: All commands executed through `sudo` are logged, allowing for tracking who executed which administrative command and when.
  • **Granular Permission Control**: The `sudoers` file allows for finely-tuned control over which specific commands certain users or groups can execute with root privileges.
  • **Reduced Password Re-Entry**: Once authenticated, users can use `sudo` without a password for a limited time, making it convenient.

🔑 sudoers File

/etc/sudoers

All permission settings for `sudo` are defined in the `/etc/sudoers` file. This file is very sensitive, so it **must be edited using the `visudo` command.** `visudo` automatically checks for syntax errors to prevent `sudo` functionality from being broken due to incorrect settings.

Key sudo Command Options

Beyond privilege escalation, the `sudo` command accepts various options that control how a command is executed.

1. Basic Usage

2. User and Shell Related Options

3. Authentication and List Related Options

Configuring the sudoers File (Using visudo)

`sudo` privileges are controlled by the `/etc/sudoers` file. Instead of directly modifying this file, you should safely edit it using the `visudo` command. `visudo` checks for syntax errors to prevent breaking `sudo` functionality.

Editing the sudoers File

sudo visudo

Safely edit the `sudoers` file with root privileges. The default editor may be `vi`.

Common Format of the sudoers File

Entries in the `sudoers` file are defined in the format `User Host=(RunAs) NOPASSWD: Command`. The most common configuration allows users belonging to a specific group to have `sudo` privileges for all commands.

Example Configurations

Below are common example configurations you may see within the `sudoers` file.

  • `%sudo ALL=(ALL:ALL) ALL`: Allows all users in the `sudo` group to execute any command (ALL) with the privileges of any user (ALL) and group (ALL) from any host (ALL). (Password required)
  • `username ALL=(ALL) NOPASSWD: /usr/bin/apt update`: Allows the `username` user to execute the `apt update` command with root privileges without entering a password.
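
As an added example (not part of the original guide), the shell function below reads sudoers-format rules and flags `NOPASSWD` entries that are broader than the `apt update` rule above. It relies on the sudoers rule that a command listed without arguments may be run with any arguments. The `deploy` and `backup` users and the function names are constructed for illustration, and the parser assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumes one rule per line, named users or %groups, no aliases or continuations.

# Constructed sample: the first two rules are the guide's examples, the rest are invented.
sample_sudoers() {
  cat <<'EOF'
# constructed sudoers fragment
%sudo ALL=(ALL:ALL) ALL
username ALL=(ALL) NOPASSWD: /usr/bin/apt update
deploy ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/systemctl restart nginx
backup ALL=(ALL) NOPASSWD: ALL
EOF
}

# Read sudoers text on stdin; print one finding per NOPASSWD command.
audit_nopasswd() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    index($0, "NOPASSWD:") == 0 { next }     # rule still asks for a password
    {
      who = $1
      cmds = substr($0, index($0, "NOPASSWD:") + 9)
      n = split(cmds, list, ",")
      for (i = 1; i <= n; i++) {
        cmd = list[i]
        sub(/^[ \t]+/, "", cmd); sub(/[ \t]+$/, "", cmd)
        if (cmd == "ALL")
          printf "HIGH %s: NOPASSWD on ALL commands\n", who
        else if (cmd !~ /[ \t]/)             # no arguments listed: any are accepted
          printf "WARN %s: %s accepts any arguments\n", who, cmd
        else                                 # arguments must match exactly
          printf "OK %s: %s\n", who, cmd
      }
    }'
}

sample_sudoers | audit_nopasswd
```

To audit a real file, feed it on stdin from a root shell, for example `audit_nopasswd < /etc/sudoers`.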

Usage Examples

Learn how to perform system tasks with administrative privileges through various usage examples of the `sudo` command.

System Package Update

sudo apt update

The command to update the system's package list requires administrative privileges, so `sudo` is used.

Copying a File to a Specific Directory

sudo cp my_config.conf /etc/

Copies the `my_config.conf` file to the `/etc/` directory, which regular users generally do not have write permission for.

Execute Command as Another User

sudo -u www-data ls /var/www/html

Tests file access permissions by executing the `ls /var/www/html` command with the privileges of the `www-data` user (typically a web server process).

Switch to Root Shell

sudo -i

Enter the current user's password to open a shell that is fully switched into the root user's environment. After finishing tasks, you can type `exit` to return to the original user.

Check Current User's sudo Privileges

sudo -l

Checks which commands the currently logged-in user can execute via `sudo`, and whether a password is required.

