Authors Top

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

1. Overview

In this tutorial, we’ll discuss the sudo command in Linux and various options available with it.

Additionally, we’ll see how sudo is different from su and when we should use it.

2. Introduction

Providing root access to all users is not a good practice. Nonetheless, normal users might need to execute some commands as superuser occasionally. This is where the sudo (Super User DO) access comes into the picture. The sudo command provides an efficient way to grant users the special rights to execute commands at the system (root) level. With sudo, we’ll be able to execute administrative tasks without switching users.

3. Installation

In most Linux distributions, the sudo package is installed by default.

To use sudo, let’s just type sudo and press enter.

$ sudo

If sudo is installed, the sudo package usage details will be displayed. If it’s not, a “command not found” message will be displayed.

Now, let’s see how to install sudo in various Linux distributions if it’s not installed already.

If we’re using the apt package manager, we’d type:

$ apt install sudo

Or, if we’re using yum:

$ yum install sudo

4. Granting sudo Access

We’ll need to grant sudo access to a user to make him a “sudoer”. User and group sudo privileges are defined in the /etc/sudoers file. We can either add the user directly to this file or add the user to the sudo group.

For demonstrating sudo privileges, we’re assuming that the user “baeldung” already exists.

4.1. Adding a User to the sudoers File

To add the user to the /etc/sudoers files, we’ll be using the visudo editor:

$ visudo

Let’s add a user to the file by inserting:

baeldung ALL=(ALL) NOPASSWD:ALL

With this configuration, the password will not be required when using sudo, and the user will be granted all sudo privileges.

We can also restrict the no-password setting to specific privileges like creating or deleting a directory. For this, we can add the statement:

baeldung ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

4.2. Adding a User to the sudo Group

The sudo group is a group of users with access to the root account. This is similar to the Windows administrator group. Let’s add our “baeldung” user to the sudo group:

$ usermod -aG sudo baeldung

We’ll need to be root user or a user with sudo privileges to run the previous command.

5. Verifying sudo Privilege of a User

Sometimes, we want to check if a user has been granted sudo privilege. There are two scenarios: verify the current login user and check another user.

Next, we’ll address how to do sudo privilege verification in each scenario.

5.1. Checking the Current Login User

sudo provides an option -v to update the current user’s sudo cached credentials. If the user doesn’t have the sudo privilege, the command will fail and print a meaningful error message.

Let’s look at a couple of examples:

kent$ sudo -v
[sudo] password for kent: 

kent$ echo $?
0

First, we log in as the user kent, and execute the command sudo -v.

After we provide the password, sudo doesn’t print anything out, and the command has been successfully executed since we’ve gotten the return value 0.

Therefore, we know the user kent has been granted the sudo privilege, and we’ve updated his cached credentials.

Now, let’s log in as the user guest and test again:

guest$ sudo -v
Sorry, user guest may not run sudo on MyHost.

If the user doesn’t have the sudo permission, as the output above shows, the command will print the error message.

5.2. Checking an Arbitrary User

If we would like to check the sudo privilege of another user, we can use sudo‘s -l and -U options.

But the current login user, which is the checker, must have the sudo permission already. Let’s see some examples:

kent$ sudo -l -U guest
[sudo] password for kent: 
User guest is not allowed to run sudo on MyHost.

Our kent user has already the sudo privilege. When we verify the user guestsudo reports the target user doesn’t have the sudo permission granted.

Otherwise, if the target user has sudo permission, the detailed information of the user’s permission will be printed in the output.

Let’s check the user eric:

kent$ sudo -l -U eric
Matching Defaults entries for eric on MyHost:
    env_keep+=http_proxy, env_keep+=https_proxy, env_keep+=ftp_proxy

Runas and Command-specific defaults for eric:
    Defaults!/etc/ctdb/statd-callout !requiretty

User eric may run the following commands on MyHost:
    (ALL) ALL

6. Using sudo

We can execute a command with the sudo privileges simply with:

$ sudo COMMAND

We can also include options to customize the behavior of the sudo command:

$ sudo OPTION.. COMMAND

6.1. Examples

Let’s now see a few examples using the sudo command.

We can change the password of the user “sammy“:

$ sudo passwd sammy

Or we can use sudo to restart the system immediately:

$ sudo shutdown -r now

We can use the -k option with sudo to kill the current sudo authentication:

$ sudo -k

Now, the next time we issue the sudo command, the system will prompt for our password.

If we want to know the version of the sudo command version, we can use the -V option. This will print the sudo version number and exit.

$ sudo -V

Now, if we want to run the sudo command in the background without any user interaction, we can use the -b option.

$ sudo -b

When we run a command using the -b option, we cannot use shell job control to manipulate that process.

We can use the -h option to get help about the sudo command and its available options:

$ sudo -h

This will print all the available options of the sudo command, with a short description of each option.

6.2. sudo Return Values

When a command or program executes with sudo successfully, sudo will exit with a value of 0 (zero) and we’ll get the expected results from the command.

On the other hand, sudo will finish with an exit value of 1 (one) if an error or permissions problem occurs.

7. sudo vs su Command

The sudo command lets us use our account and password to execute system commands with root privileges, whereas the su command allows us to switch to a different user and execute one or more commands in the shell without logging out from our current session.

If we want to execute a few commands with the root privileges, we should use sudo. To completely switch to another user or switch to root for a longer session, we may want to use su instead.

8. Conclusion

To summarize, we discussed the sudo command in Linux. We demonstrated how to use it and presented some common usage examples. Finally, we compared the sudo and su commands and explained when we might choose one over the other.

Authors Bottom

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

Comments are closed on this article!