Security is one of the biggest advantages of the Linux operating system. It has user-level control over the commands and normal users cannot run the commands that require system administrator access. At the same time, you cannot provide root user access to every account. The solution is to enable sudo privileges, which allows normal users to execute root-level commands. Using the sudo command, system administrators can provide superuser access to normal Linux users.
In this tutorial, we will learn all about the sudo command in Linux, how to run it, and the available options for this command.
Sudo Command in Linux
Sudo, short for SuperUser Do, is a user access command that enables normal users to access files and perform operations that are otherwise restricted for the root user. By default, the Linux operating system restricts certain files and operating system settings from being accessed to ensure absolute safety.
The sudo command lets you install, update, or remove any software, as well as system configuration files. The Ubuntu Linux operating system does not have a root user account created by default, and you must create a root account manually.
When you run a command with sudo, you must enter the current user account’s password. By default, you do not need to enter the password for the next 15 minutes. When you run a command with sudo, then Linux enters a timestamp in the system log.
The basic syntax of the sudo command in Linux is as follows:
sudo [options] command
The sudo command in Linux supports the following options to perform additional operations:
|Kills or ends the current sudo privileges.|
|Lists privileges of the current user or checks privileges for a particular command.|
|Checks or validates the time limit on sudo privileges without running any command.|
|Displays the current version of the sudo command-line utility.|
|Displays syntax and command options of the sudo command.|
You can also find other supported options by using the -h option:
The sudo command-line utility is pre-installed in all Linux distributions. However, if it is not installed automatically or removed later, then you can install this utility using the package management repository of your Linux system.
Try running the sudo command without any options and if the sudo command-line tool is not installed, then you will get a “sudo command not found” error. If it is installed, then you will see the sudo command details.
In the above example, if you did not get the shown output, then you need to install the sudo package.
Note: You must be logged in as the root user to install sudo. Otherwise, you will get a “Permission Denied” error.
To install sudo on Debian and Ubuntu, type:
apt install sudo
To install sudo on RedHat-based Linux Distributions such as Fedora, CentOS Steam, Rocky Linux, AlmaLinux, type:
yum install sudo dnf install sudo
Give sudo Privileges
Let's check how to give sudo privileges to a user: adding to sudo group or by updating the sudoers file.
How to Add a User to Sudoers Group
Adding a new user to the sudoers is quite simple. You just add the user to the sudo group, which could be named differently in different distributions. When you add a normal user to the sudo group or sudoers, the user will be able to run commands as the root user.
To add a user to sudoers in Ubuntu, use the following command:
sudo usermod -aG sudo username
The sudo group in Fedora, RHEL, and CentOS is named wheel. Use the following command to add a user to sudoers in these distributions:
sudo usermod -aG wheel username
This example adds the user bob to the sudoers on an Ubuntu Linux system:
sudo usermod -aG sudo bob
You must have either root privileges or sudo access to add a user to sudoers. You also need sudo permissions to revoke sudo permissions.
The sudoers file is the core of the sudo. This configuration file controls which user can use the sudo privileges. This file is generally located in the /etc/sudoers. You can safely edit this by using the visudo command. When you edit the sudoers file using the visudo command, the file is locked and can not be edited by any other user.
To add a new user to the sudoers file, open the file:
sudo visudo /etc/sudoers
To add a new user to the sudoers, add the user to the list of users and provide the privilege specification:
Press Ctrl + S to save the changes and Ctrl + X to close the file editor.
The sudoers file provides multiple parameters that you can use to control the sudo access. For example, you can modify the system privileges for a particular user, disable password timeout, and can also change the password timeout option.
How to Run Sudo
Sudo is the most convenient and secure way to extend root privileges. You can run a single command with elevated privileges. Before running the command make sure user who running the command is added to the sudoers file (or the group).
To use the sudo command just prefix any root-level command with sudo and press Enter. After that, enter the current user’s password.
sudo is used
sudo [options] <root-level command>
For example, I want to install the samba package. Let me try installing it without sudo.
apt install samba
The installation didn't start because of permission denied. Now let's use the same command sudo:
sudo apt install samba
You can see we are able to start installation without any errors.
Sudo is safer than its alternatives because using su - command will require the root privileges and root password. After that, you permanently switch to the root user account and if you forget to exit from the root account or do not switch back to another user using the su command, it could pose security threats. With sudo, you don’t have to switch users back to normal user mode and thus will be able to avoid any accidents.
What else more we can do with sudo
Let's check a few more examples of sudo command.
Use sudo to Run as a Normal User
You can check a list of the commands that you can run with sudo privileges using the sudo -l command. You can also run commands as another user using the sudo command with the -u option. For example, to run a command as a normal user who does not have sudo privileges, try the following command:
sudo -u steve ls /
Using sudo switch to Root
To switch to an interactive session as a root, type:
Alternatively, you can run
sudo su - which is the same. In both cases, it switches to the login shell and in the root's home directory with the root's environment.
sudo run multiple commands
There are few ways to run multiple commands with sudo in a single line.
sudo sh -c 'command1 && command2' sudo -u username sh -c 'command1 && command2' sudo -- sh -c 'command1; command2'
For example to run date and ls command:
sudo --sh -c 'date; ls'
One handy command comes when you need to update a Debian-based system. Instead of running the update and upgrade separately, can combine them.
sudo -- sh -c 'apt update && sudo apt -y upgrade'
Remember upgrade command is executed only if the update command returns an exit status of zero.
Command-line redirection is the process on a Linux computer to use the input or output of a command or a file to use it as the input for another file. Using sudo redirection you can read from or write to files instead of just the commands.
When you use redirection (>) or pipe (|), it gives you the Permission Denied error because it is run using the current user, not the sudo user. You can fix this by using sudo sh -c to start a new shell as the root user:
sudo sh -c ‘echo “Steve” > /root/users.txt”
Sudo has a default password timeout in all Linux distributions. In Ubuntu, the default password timeout is 15 minutes. After that, you will have to enter the target user password again. This password timeout can be modified in the sudoers file.
To change the password timeout, open the file using the visudo editor and expand the Defaults env_reset parameter as shown below:
In this tutorial, we learned about the sudo command in Linux. Sudo is a very useful command to learn, and you can use it to perform a variety of tasks on your Linux computer. This tutorial will show you how to use the sudo command and add users to the sudoers list and the sudoers file. Check the sudo command man page for more details about the command options.