In this tutorial, we’ll discuss the sudo command in Linux and various options available with it.
Additionally, we’ll see how sudo is different from su and when we should use it.
Providing root access to all users is not a good practice. Nonetheless, normal users might need to execute some commands as superuser occasionally. This is where the sudo (Super User DO) access comes into the picture. The sudo command provides an efficient way to grant users the special rights to execute commands at the system (root) level. With sudo, we’ll be able to execute administrative tasks without switching users.
In most Linux distributions, the sudo package is installed by default.
To check whether sudo is installed, let’s just type sudo and press Enter.
If sudo is installed, the sudo package usage details will be displayed. If it’s not, a “command not found” message will be displayed.
Now, let’s see how to install sudo in various Linux distributions if it’s not installed already.
If we’re using the apt package manager, we’d type:
$ apt install sudo
Or, if we’re using yum:
$ yum install sudo
4. Granting sudo Access
We’ll need to grant sudo access to a user to make them a “sudoer”. User and group sudo privileges are defined in the /etc/sudoers file. We can either add the user directly to this file or add the user to the sudo group.
For demonstrating sudo privileges, we’re assuming that the user “baeldung” already exists.
4.1. Adding a User to the sudoers File
To add the user to the /etc/sudoers file, we’ll use the visudo editor, which checks the file’s syntax before saving it.
Let’s add a user to the file by inserting:
baeldung ALL=(ALL) NOPASSWD:ALL
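With this configuration, the user will be granted all sudo privileges, and the password will not be required when using sudo. In practice, this means anyone who gains access to the baeldung account can run any command as root without a password.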
We can also restrict the no-password setting to specific privileges like creating or deleting a directory. For this, we can add the statement:
baeldung ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
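To review which of these two forms a sudoers file actually contains, the following added example (not part of the original tutorial) classifies NOPASSWD rules as unrestricted or command-restricted. The function name audit_nopasswd, the user “deploy” and the sample text are assumptions made for illustration, and the parser handles only simple single-line rules.

```shell
#!/bin/sh
# Added example: classify NOPASSWD rules in sudoers-style text read on stdin.
# Simplifications (assumptions): one rule per line, no aliases, no line
# continuations, no include directives, and a single NOPASSWD tag per rule.

audit_nopasswd() {
    awk '
    /^[ \t]*(#|$)/    { next }   # skip comments and blank lines
    /^[ \t]*Defaults/ { next }   # skip Defaults entries
    /NOPASSWD:/ {
        who = $1                                # user or %group
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)     # keep only the command list
        sub(/[ \t]+$/, "", cmds)                # drop trailing whitespace
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        level = "RESTRICTED"
        for (i = 1; i <= n; i++)
            if (list[i] == "ALL") level = "UNRESTRICTED"
        printf "%s %s %s\n", level, who, cmds
    }'
}

# Constructed sample input: the two rule forms shown above, with a
# hypothetical user "deploy" holding the restricted rule.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
baeldung ALL=(ALL) NOPASSWD:ALL
deploy ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
%sudo ALL=(ALL:ALL) ALL'

# Prints one line per NOPASSWD rule: level, user, command list.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_nopasswd
```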
4.2. Adding a User to the sudo Group
The sudo group is a group of users with access to the root account. This is similar to the Windows administrator group. Let’s add our “baeldung” user to the sudo group:
$ usermod -aG sudo baeldung
We’ll need to be the root user or a user with sudo privileges to run the previous command.
5. Verifying sudo Privilege of a User
Sometimes, we want to check if a user has been granted sudo privilege. There are two scenarios: verify the current login user and check another user.
Next, we’ll address how to do sudo privilege verification in each scenario.
5.1. Checking the Current Login User
sudo provides an option -v to update the current user’s sudo cached credentials. If the user doesn’t have the sudo privilege, the command will fail and print a meaningful error message.
Let’s look at a couple of examples:
kent$ sudo -v
[sudo] password for kent:
kent$ echo $?
0
First, we log in as the user kent, and execute the command sudo -v.
After we provide the password, sudo doesn’t print anything out, and the command has been successfully executed since we’ve gotten the return value 0.
Therefore, we know the user kent has been granted the sudo privilege, and we’ve updated his cached credentials.
Now, let’s log in as the user guest and test again:
guest$ sudo -v
Sorry, user guest may not run sudo on MyHost.
If the user doesn’t have the sudo permission, as the output above shows, the command will print the error message.
5.2. Checking an Arbitrary User
If we would like to check the sudo privilege of another user, we can use sudo’s -l and -U options.
But the current login user, which is the checker, must have the sudo permission already. Let’s see some examples:
kent$ sudo -l -U guest
[sudo] password for kent:
User guest is not allowed to run sudo on MyHost.
Our kent user already has the sudo privilege. When we verify the user guest, sudo reports that the target user doesn’t have the sudo permission granted.
Otherwise, if the target user has sudo permission, the detailed information of the user’s permission will be printed in the output.
Let’s check the user eric:
kent$ sudo -l -U eric
Matching Defaults entries for eric on MyHost:
    env_keep+=http_proxy, env_keep+=https_proxy, env_keep+=ftp_proxy

Runas and Command-specific defaults for eric:
    Defaults!/etc/ctdb/statd-callout !requiretty

User eric may run the following commands on MyHost:
    (ALL) ALL
6. Using sudo
We can execute a command with the sudo privileges simply with:
$ sudo COMMAND
We can also include options to customize the behavior of the sudo command:
$ sudo OPTION.. COMMAND
Let’s now see a few examples using the sudo command.
We can change the password of the user “sammy”:
$ sudo passwd sammy
Or we can use sudo to restart the system immediately:
$ sudo shutdown -r now
We can use the -k option with sudo to invalidate the current cached sudo authentication:
$ sudo -k
Now, the next time we issue the sudo command, the system will prompt for our password.
If we want to know the version of the sudo command, we can use the -V option. This will print the sudo version number and exit.
$ sudo -V
Now, if we want sudo to run a command in the background without any user interaction, we can use the -b option:
$ sudo -b COMMAND
When we run a command using the -b option, we cannot use shell job control to manipulate that process.
We can use the -h option to get help about the sudo command and its available options:
$ sudo -h
This will print all the available options of the sudo command, with a short description of each option.
6.2. sudo Return Values
When a command or program executes with sudo successfully, sudo will exit with a value of 0 (zero) and we’ll get the expected results from the command.
On the other hand, sudo will finish with an exit value of 1 (one) if an error or permissions problem occurs.
7. sudo vs su Command
The sudo command lets us use our account and password to execute system commands with root privileges, whereas the su command allows us to switch to a different user and execute one or more commands in the shell without logging out from our current session.
If we want to execute a few commands with the root privileges, we should use sudo. To completely switch to another user or switch to root for a longer session, we may want to use su instead.
To summarize, we discussed the sudo command in Linux. We demonstrated how to use it and presented some common usage examples. Finally, we compared the sudo and su commands and explained when we might choose one over the other.