Sudo command in Linux

Filed Under: UNIX/Linux

Sudo is one of the most widely used commands by Linux administrators and beginners alike. In this guide, we will look at sudo command and its usages.

During the installation of most Linux Systems, one is usually required to create a root user, also known as a superuser and a regular user as well. The root user has all the privileges and permissions to perform any task in the system. As a root user, you can perform sensitive tasks such as installing/uninstalling packages, updating/upgrading system repositories, making modifications to system configurations and creating new users to mention just but a few.

As the saying goes, with great power comes great responsibility. Making some changes as the root user can be detrimental to your system and can cause irreparable damage and ultimate crashing of your system. For example, deleting boot configuration files will render your system unable to boot. For this reason, it’s recommended that by default, users should operate the system as a regular or non-root user.


So what happens when you need root privileges as a regular user to execute administrative tasks? In that case, the regular user needs to be granted sudo privileges. The regular user then needs to prefix the command with ‘sudo’ to execute them as a root user.

Creating a new sudo user in Ubuntu/Debian

To add the user to the sudo group execute the following command as the root user.

usermod -aG  sudo username

For example, let’s assume we have a regular user named “james” in our systems, the command will be:

usermod -aG sudo james

Output

Usermod Command

Creating a new sudo user in RHEL/CentOS/Fedora

To add a regular user to the sudoers group in RHEL/CentOS and Fedora, we have to modify the /etc/sudoers file. To achieve this run visudo command.

visudo

Output

Visudo Command

Append the line below and replace the username attribute with your real username.

username ALL = (ALL) ALL

Output

Visudo Add User To Sudoers Group

Save by pressing ESC and typing : wq and finally press ‘ENTER’.

Sudo Command Examples

Let’s now delve in and have a look at example usages of the sudo command.

To run commands with administrative privileges as a regular user

If you are running as a normal non-root user, prefix the command with sudo as shown.

sudo command_to_execute

For example, to update the system in Ubuntu & Debian as a regular user run

sudo apt update

You will be prompted for the password. Provide your password and hit ‘ENTER’. Note that you need to provide your password and not root password, even though you are running the command as a root user.

Output

Updating System With Sudo Command

For Fedora Systems execute:

sudo dnf update

Output

sudo dnf Update

For RHEL/CentOS execute:

sudo yum update

Clearing sudo cache

When a user tries to execute any command with sudo after the first time, they will not be prompted for a password in subsequent operations. This is because the sudo command is cached for only a few minutes before expiring.

To clear this cache run:

sudo -k

If you try to execute any operation after running the above command, you will be prompted for a password.

Output

Sudo -k sudo command

View commands allowed

If you are a little curious and wish to know the commands you can execute, simply run

sudo -l

Output

Sudo -l  View Commands Allowed

Switching to root user in Ubuntu Systems

By default, Ubuntu Systems do not ship in with a root user. To execute administrative tasks, you must first switch to root first and proceed with the execution of commands.

To change to root user in Ubuntu systems execute:

sudo su

Run commands as another user with sudo

Sudo command can also allow you to run commands as another user. The syntax for achieving this is

sudo -u username command_to_be_run

For example;

sudo -u james whoami

Output

Sudo Run Command As Another User

For more usages of the sudo command simply run the command below to access its help page.

man sudo

Can we change root password using sudo command?

As a matter of fact, Yes we can change the root password by running following command. We can change any user password by running passwd with sudo privilege.


$ sudo passwd root

It will ask for the new password for the root user. Just provide the new password and root password will be changed.

Sudo Redirect Output

Sometimes we have to redirect the output to a location where we don’t have direct access. We can’t use sudo command as is to perform this because our shell does the redirection and it doesn’t have access to that directory.


$ sudo ls /root > /root/ls.out
-bash: /root/ls.out: Permission denied
$

There are a few alternative ways to perform this. First one is to start a new shell with sudo and pass the command to it using -c option. This new shell will have sudo access to write to the specified location.


$ sudo sh -c 'ls /root > /root/ls.out'

There are some other alternatives too. You can create a shell script with the command and then execute it with sudo.


$ cat ls1.sh 
#!/bin/sh
ls /root > /root/ls1.out
$ sudo ls1.sh

We can also launch a shell with sudo -s command and then run these redirection commands.

How to find the sudoers users list?

The list of users having “sudo” privilege is present in “/etc/group” file.


$ cat /etc/group | grep -P '^sudo'
sudo:x:27:pankaj
$

The last part of the output contains the users’ list having sudo access. You can modify the command further to print only the list of users.


$ cat /etc/group | grep -P '^sudo' | cut -d: -f4
pankaj
$

Differences between sudo and su command

There exists some misconception about the usage of sudo and su commands. While some think they can be used interchangeably, a few subtle differences exist between the two.

sudo command allows a regular user to execute or perform system-level commands that are a special reserve for the root user. sudo is prefixed before command and prompts the regular user’s password before the command can be executed. Also, for the command to be executed, the user needs to be added to the sudoers group.

On the other hand, su command, enables switching entirely from a regular user to a root user. In this case, you need to provide the root password to enter into the root prompt.

In unique cases like in Ubuntu distros, a root user is created without a password. This is meant to discourage anyone from logging in as root. Thus, a password needs to be created for the root user. However, the two commands are used together when a regular user needs to get into root prompt and perform administration tasks as shown.


pankaj@ubuntu:~$ su -
Password: 
root@ubuntu:~# exit
pankaj@ubuntu:~$

We have to provide the root password above, not the user password. We can also switch to any other user.


pankaj@ubuntu:~$ su - james
Password: 
james@ubuntu:~# exit
pankaj@ubuntu:~$

pankaj@ubuntu:~$ sudo su
[sudo] password for pankaj: 
root@ubuntu:/home/pankaj#

The above command prompts the user for their password and drops into the root prompt.

Conclusion

When a user has sudo privilege, he can run any command. So, make sure you are providing sudo access to only those users who actually need it, such as system administrators.

Leave a Reply

Your email address will not be published. Required fields are marked *

close
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages