sudo stands for "superuser do". It allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.
- It provides a secure way for users to run administrative tasks without needing the root password.
- It's safer than logging in as root because it grants administrative privileges temporarily and logs all commands and failed access attempts.
When you run a command with sudo, you are typically asked to enter the password for your current user account. Upon successful authentication, Linux records a timestamp. This timestamp allows the user to run subsequent sudo commands without re-entering their password for a period of time. By default, this timeout period is 15 minutes. During these 15 minutes, you can run sudo commands without being prompted for your password again.
Note: The user needs to be added sudo (or wheel in some distro) group or the sudoers file, which grants them the ability to execute commands with sudo.
The basic syntax of the sudo command in Linux is as follows:
sudo [options] command
-u [user]: Run the command as a specified user.
-l: List the allowed (and forbidden) commands for the user.
-v: Extend the sudo timeout for another 15 minutes.
-k: Invalidate the user's cached credentials.
1. Run a Command as Root
For example, I want to install the samba package. Let me try installing it without sudo.
apt install samba
The installation didn't start because permission denied. Now let's use the same command with sudo:
sudo apt install samba
The above command will run the
apt install samba command with root privileges.
Another example of editing files needing root permissions:
sudo vi /etc/hosts
This opens the /etc/hosts file in the nano editor with root privileges.
2. Listing user privileges
-l option to know your privileges before attempting a command.
This lists what commands the current user can run with sudo.
3. Running a command as a different user
The sudo command can be used to run commands as a different user in Linux.
sudo -u tom /usr/bin/python sample.py
When you execute above entire command, it runs the sample.py script as if user tom was running it. This approach is particularly useful for running scripts or commands that require the specific permissions or environment of a different user.
4. Invoke login shell
sudo -i to invoke a login shell. This command will switch to a login shell as the root user.
Alternatively, you can run
sudo su - which is the same. In both cases, it switches to the login shell and in the root's home directory with the root's environment.
sudo -i -u bob echo \$HOME
The backslash (
\) before $HOME ensures that the variable is interpreted in the target user's shell, not the shell of the user running sudo. This command will print the home directory of the specified user, as defined in their environment.
Use case example:
sudo -u www-data bash -i -c "env"
Here you can effectively "log in" as www-data and run commands as if you were in a standard shell session for that user, even though their default shell is set to nologin.
5. Run multiple commands in a single line
There are few ways to run multiple commands with sudo in a single line.
sudo sh -c 'command1 && command2'
###This executes command1 and then command2 if command1 succeeds.
sudo -- sh -c 'command1; command2'###command2 is executed regardless of whether command1 succeeds or fails.
Run date and ls command:
sudo --sh -c 'date; ls'
Instead of running the update and upgrade separately, can combine them:
sudo -- sh -c 'apt update && sudo apt -y upgrade'
sudo with redirection Issue
When using sudo with redirection or pipes, the command before the redirection or pipe runs with elevated privileges, but the redirection itself does not.
A command like
sudo echo "Steve" > /root/users.txt would fail with a permission denied error. Here
echo "Steve" runs with root privileges, but
> /root/users.txt is attempted with the user's privileges, which typically do not include write access to
Fix: Use sudo sh -c
This starts a new shell as the root user, and then run the entire command, including redirection, within that shell.
sudo sh -c 'echo "Steve" > /root/users.txt'