Sudo is one of the most widely used commands by Linux administrators and beginners alike. In this guide, we will look at sudo command and its usages.
During the installation of most Linux Systems, one is usually required to create a root user, also known as a superuser and a regular user as well. The root user has all the privileges and permissions to perform any task in the system. As a root user, you can perform sensitive tasks such as installing/uninstalling packages, updating/upgrading system repositories, making modifications to system configurations and creating new users to mention just but a few.
As the saying goes, with great power comes great responsibility. Making some changes as the root user can be detrimental to your system and can cause irreparable damage and ultimate crashing of your system. For example, deleting boot configuration files will render your system unable to boot. For this reason, it’s recommended that by default, users should operate the system as a regular or non-root user.
So what happens when you need root privileges as a regular user to execute administrative tasks? In that case, the regular user needs to be granted sudo privileges. The regular user then needs to prefix the command with ‘sudo’ to execute them as a root user.
Creating a new sudo user in Ubuntu/Debian
To add the user to the sudo group execute the following command as the root user.
usermod -aG sudo username
For example, let’s assume we have a regular user named “james” in our systems, the command will be:
usermod -aG sudo james
Creating a new sudo user in RHEL/CentOS/Fedora
To add a regular user to the sudoers group in RHEL/CentOS and Fedora, we have to modify the
/etc/sudoers file. To achieve this run
Append the line below and replace the username attribute with your real username.
username ALL = (ALL) ALL
Save by pressing ESC and typing
: wq and finally press ‘ENTER’.
Sudo Command Examples
Let’s now delve in and have a look at example usages of the
To run commands with administrative privileges as a regular user
If you are running as a normal non-root user, prefix the command with
sudo as shown.
For example, to update the system in Ubuntu & Debian as a regular user run
sudo apt update
You will be prompted for the password. Provide your password and hit ‘ENTER’. Note that you need to provide your password and not root password, even though you are running the command as a root user.
For Fedora Systems execute:
sudo dnf update
For RHEL/CentOS execute:
sudo yum update
Clearing sudo cache
When a user tries to execute any command with sudo after the first time, they will not be prompted for a password in subsequent operations. This is because the sudo command is cached for only a few minutes before expiring.
To clear this cache run:
If you try to execute any operation after running the above command, you will be prompted for a password.
View commands allowed
If you are a little curious and wish to know the commands you can execute, simply run
Switching to root user in Ubuntu Systems
By default, Ubuntu Systems do not ship in with a root user. To execute administrative tasks, you must first switch to root first and proceed with the execution of commands.
To change to root user in Ubuntu systems execute:
Run commands as another user with sudo
Sudo command can also allow you to run commands as another user. The syntax for achieving this is
sudo -u username command_to_be_run
sudo -u james whoami
For more usages of the sudo command simply run the command below to access its help page.
Can we change root password using sudo command?
As a matter of fact, Yes we can change the root password by running following command. We can change any user password by running
passwd with sudo privilege.
$ sudo passwd root
It will ask for the new password for the root user. Just provide the new password and root password will be changed.
Sudo Redirect Output
Sometimes we have to redirect the output to a location where we don’t have direct access. We can’t use sudo command as is to perform this because our shell does the redirection and it doesn’t have access to that directory.
$ sudo ls /root > /root/ls.out -bash: /root/ls.out: Permission denied $
There are a few alternative ways to perform this. First one is to start a new shell with sudo and pass the command to it using -c option. This new shell will have sudo access to write to the specified location.
$ sudo sh -c 'ls /root > /root/ls.out'
There are some other alternatives too. You can create a shell script with the command and then execute it with sudo.
$ cat ls1.sh #!/bin/sh ls /root > /root/ls1.out $ sudo ls1.sh
We can also launch a shell with
sudo -s command and then run these redirection commands.
How to find the sudoers users list?
The list of users having “sudo” privilege is present in “/etc/group” file.
$ cat /etc/group | grep -P '^sudo' sudo:x:27:pankaj $
The last part of the output contains the users’ list having sudo access. You can modify the command further to print only the list of users.
$ cat /etc/group | grep -P '^sudo' | cut -d: -f4 pankaj $
Differences between sudo and su command
There exists some misconception about the usage of
su commands. While some think they can be used interchangeably, a few subtle differences exist between the two.
sudo command allows a regular user to execute or perform system-level commands that are a special reserve for the root user.
sudo is prefixed before command and prompts the regular user’s password before the command can be executed. Also, for the command to be executed, the user needs to be added to the sudoers group.
On the other hand, su command, enables switching entirely from a regular user to a root user. In this case, you need to provide the root password to enter into the root prompt.
In unique cases like in Ubuntu distros, a root user is created without a password. This is meant to discourage anyone from logging in as root. Thus, a password needs to be created for the root user. However, the two commands are used together when a regular user needs to get into root prompt and perform administration tasks as shown.
pankaj@ubuntu:~$ su - Password: root@ubuntu:~# exit pankaj@ubuntu:~$
We have to provide the root password above, not the user password. We can also switch to any other user.
pankaj@ubuntu:~$ su - james Password: james@ubuntu:~# exit pankaj@ubuntu:~$
pankaj@ubuntu:~$ sudo su [sudo] password for pankaj: root@ubuntu:/home/pankaj#
The above command prompts the user for their password and drops into the root prompt.
When a user has sudo privilege, he can run any command. So, make sure you are providing sudo access to only those users who actually need it, such as system administrators.