Linux, a very capable operating system for server operations, offers extensive control over system operations.
Ask any Linux user, and they’ll tell you that the sudo command is a crucial tool in managing their systems. Standing for “superuser do,” this command allows users to execute commands with administrative privileges. Generally, it is used to execute commands for system management and security.
In this comprehensive tutorial, we’ll show you how to use the sudo command in Linux systems. We’ll start with how to use this command in several Linux distributions. We’ll round off with fifteen use cases where you can use sudo to optimize your system administration experience.
Table Of Contents
- Prerequisites
- How to Use the sudo Command in Linux?
- Granting sudo Privileges
- How to Use the sudo Command in Linux: Practical Examples
- Example #1: Update System Packages
- Example #2: Run a Script as Another User
- Example #3: Start a Root Shell Session
- Example #4: Rerun the Last Command with Elevated Privileges
- Example #5: Execute a Sequence of Commands
- Example #6: Append Text to a Protected File
- Example #7: Restart a Service
- Example #8: Install a Package on a System
- Example #9: Edit a System Configuration File
- Example #10: View Protected Log Files
- Example #11: Add a New User Account
- Example #12: Change File Owners
- Example #13: Change Hostname
- Example #14: List Disk Usage
- Example #15: Kill a Process
- Conclusion
- FAQ
Prerequisites
Before delving into sudo, ensure you have:
-
- A Linux system (any mainstream distribution).
- Basic understanding of Linux commands and command line operations.
- Access to a user account with sudo privileges or root privileges.
How to Use the sudo Command in Linux?
Let’s start with an overview of the command:
Syntax
The basic syntax of the sudo command is:
sudo [OPTION] COMMAND
This syntax allows you to run the COMMAND as a superuser or another user on the command prompt.
The Command Flags
The robustness of the sudo command comes from the flags that extend the capabilities of the base command. Some of these flags are:
- -u [user]: Execute as a specified user.
- -l: List allowed (and forbidden) commands for the current user.
- -v: Extend sudo timeout for another 15 minutes.
- -h: Excellent resource for troubleshooting or for understanding more about what each option in sudo does.
Granting sudo Privileges
Granting sudo privileges to users is an important aspect of managing a Linux system. Users with this privilege level can perform tasks that require administrative or superuser permissions.
We strongly recommend caution when assigning these privileges to users because of the potential for system-wide changes.
Here’s how you can do it on different Linux distributions
RedHat and CentOS
For RedHat and CentOS, add users to the wheel group to grant them sudo privileges:
# usermod -aG wheel username
Debian and Ubuntu
In Debian and Ubuntu, users are added to the sudo group:
# adduser username sudo
Note: To perform these actions, you might need to log in with an administrator account or utilize the su command to switch to a user with the necessary permissions.
Using visudo and the sudoers Group
The sudoers file is the core configuration file for sudo, mainly in Debian-based distributions. It determines who can run what commands as which users on which machines. This file is typically located at /etc/sudoers.
visudo is a utility for safely editing the sudoers file.
It uses the system’s default editor, often Vi or Vim. You can set a different editor by exporting the EDITOR environment variable. For instance, use this statement to set nano as your default system editor.
export EDITOR=nano
During the edit process, visudo locks the sudoers file, preventing simultaneous edits that could lead to corruption or misconfiguration by multiple users. It also performs syntax checking to avoid errors because of improperly formatted statements.
sudoers Syntax and Structure
The sudoers file contains entries defining which users or groups have sudo privileges. Each entry typically follows this format:
user HOST = (USER:GROUP) COMMANDS
You can define aliases for users, hosts, and commands to simplify and organize entries. Here are two examples of how you can define these aliases:
User_Alias ADMINS = alice, bob
Cmnd_Alias UPDATE = /usr/bin/apt update, /usr/bin/apt upgrade
Add a line to the sudoers file in the following format to grant a user basic sudo privileges:
ameya ALL=(ALL:ALL) ALL
Even when assigned the basic sudo privileges, the user must still enter a password when executing a command. If you want a user to sidestep this process, add the following statement:
ameya ALL=(ALL:ALL) NOPASSWD: ALL
The sudo privileges are usually assigned through groups for easier management. For instance, on Ubuntu, users in the sudo group have administrative privileges. The following statement means all users in the sudo group can execute any command on any host as any user:
%sudo ALL=(ALL:ALL) ALL
Best Practices
When working with the sudoers file, we recommend the following best practices:
- Limit Access: Only grant permissions that are absolutely necessary.
- Use Aliases: For complex configurations, use aliases to keep the sudoers file manageable and readable.
- Regular Review: Periodically review the sudoers file for any necessary updates or security improvements.
How to Use the sudo Command in Linux: Practical Examples
Example #1: Update System Packages
To update all installed packages, run the following command:
# sudo apt-get update && sudo apt-get upgrade
This is a common operation in the Debian-based distribution like Ubuntu.
Example #2: Run a Script as Another User
Execute a script from the user ameya’s account:
# sudo -u ameya /path/to/script.sh
Example #3: Start a Root Shell Session
Start a new root access session:
# sudo -s
This opens a new shell session as the root user.
Example #4: Rerun the Last Command with Elevated Privileges
If you forgot to add sudo to a command (and the command didn’t run as expected), simply run the following command to execute the last entered shell command with sudo:
# sudo !!
Example #5: Execute a Sequence of Commands
If you need to run multiple commands that require sudo privileges, use the following syntax:
# sudo sh -c 'command1 && command2 && command3'
Example #6: Append Text to a Protected File
Use the echo command with sudo to add text to a protected file:
# echo "new line of text" | sudo tee -a /path/to/file.txt
Example #7: Restart a Service
You need the sudo command to restart a service on a server. For instance, use the following commands to install and restart Apache on your system:
# sudo apt-get install apache2
# sudo systemctl restart apache2
Example #8: Install a Package on a System
You need the sudo privileges to install a package on Debian-based Linux distributions. Here’s the syntax of this command: # sudo apt-get install packagename
Example #9: Edit a System Configuration File
All system configuration files on a Linux system are protected by default. You need sudo privileges to access and edit these files. For instance, the following command uses the nano editor with sudo permissions to edit the hosts files (that contains the IP mapping information):
# sudo nano /etc/hosts
Example #10: View Protected Log Files
You need sudo privileges to view log files on your Linux system. For instance, the following command outputs the contents of the syslog file in the terminal:
# sudo cat /var/log/syslog
Example #11: Add a New User Account
Use the following command to create a new user account:
# sudo adduser newusername
Example #12: Change File Owners
Use the sudo command to change the ownership of a file:
# sudo chown username:groupname filename
Example #13: Change Hostname
Change the system’s hostname with the following command:
# sudo hostnamectl set-hostname newhostname
Example #14: List Disk Usage
Use the following syntax to check disk usage by directories:
# sudo du -sh /var/*
Example #15: Kill a Process
You can easily kill a process with the sudo privileges. Note that you need to know the process ID for this command:
# sudo kill -9 PID
Conclusion
Mastering sudo is a crucial skill in efficient Linux system management. Whether you’re administering a personal laptop or managing servers(like those provided by RedSwitches Bare Metal Hosting), understanding sudo elevates your control and security in the Linux environment.
If you’re looking for a robust server for your Linux projects, RedSwitches offers the best dedicated servers pricing and delivers instant dedicated servers, usually on the same day the order gets approved. Whether you need a dedicated server, a traffic-friendly 10Gbps dedicated server, or a powerful bare metal server, we are your trusted hosting partner.
FAQ
Q. What is the purpose of the sudo command in Linux?
The sudo command in Linux allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
Q. How do I use the sudo command in Linux?
To use the sudo command in Linux, you simply type “sudo” followed by the command you want to execute with elevated privileges.
Q. What is the difference between su and sudo su?
The su command allows you to switch to another user, while sudo su allows you to switch to the superuser account with the sudo command.
Q. How can I set a password timeout for the sudo command?
You can set a password timeout for the sudo command by editing the sudoers file using the visudo command and configuring the default timestamp_timeout option.
Q. Can I run a command in the background with sudo?
Yes, you can run a command in the background with sudo by adding an ampersand (&) at the end of the command.
Q. What is the purpose of the visudo command?
The visudo command is used to edit the sudoers file safely. The utility locks the sudoers file and provides warnings about syntax errors before saving any changes.
Q. How can I allow a regular user to run commands as a super user?
You can allow a regular user to run commands as a superuser by adding the user to the sudo group in the sudoers file.
Q. What are the important considerations when using the sudo command?
When using the Linux sudo command, it’s important to understand that with great power comes great responsibility, and you should be mindful of the commands you execute with elevated privileges.
Q. What should the system administrator do if he forgets the root password?
If you forget the root password, you can use the sudo command with a user with sudo access to perform administrative tasks without needing the root password.
Q. How can I learn how to use the sudo command with elevated privileges?
To learn how to use the sudo command with elevated privileges, you can use the following resources and practice executing commands as a sudo user on different distributions of Linux.