Open In App

sudo command in Linux with Examples

Improve
Improve
Like Article
Like
Save
Share
Report

sudo (Super User DO) command in Linux is generally used as a prefix for some commands that only superusers are allowed to run. If you prefix any command with “sudo”, it will run that command with elevated privileges or in other words allow a user with proper permissions to execute a command as another user, such as the superuser. This is the equivalent of the “run as administrator” option in Windows. The option of sudo lets us have multiple administrators. 

These users who can use the sudo command need to have an entry in the sudoers file located at “/etc/sudoers”. Remember that to edit or view the sudoers file you have to use the sudo command. To edit the sudoers file it is recommended to use the “visudo” command. 

By default, sudo requires that users authenticate themselves with a password that is the user’s password, not the root password itself. 

The syntax for `sudo` command: 

sudo -V | -h | -l | -v | -k | -K | -s | [ -H ] [-P ] [-S ] [ -b ] | 
[ -p prompt ] [ -c class|- ] [ -a auth_type ] [-r role ] [-t type ] 
[ -u username|#uid ] command

Options Available in the `sudo` command

Options                                                                                                              Description Syntax
-V The -V (version) option causes sudo to print the version number and exit. If the invoking user is already root, the -V option will print out a list of the defaults sudo was compiled with. 
sudo -V
-l The -l (list) option will print out the commands allowed (and forbidden) the user on the current host. 
sudo -l
-h or –help The -h (help) option causes sudo to print a usage message and exit.
sudo -h
-v If, given the -v (validate) option, sudo will update the user’s timestamp, prompting for the user’s password if necessary. This extends the sudo timeout for another 5 minutes (or as given in sudoers) but does not run a command. This does not give any output. 
sudo -v
-k The -k (kill) option to sudo invalidates the user’s timestamp. So, the next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a logout file. 
sudo -k
-K Similar to the -k option, the -K (sure kill) option is used to remove the user’s timestamp entirely. Likewise, this option does not require a password. 
sudo -K
 -b The -b (background) option tells sudo to run the given command in the background. Note that if you use the -b option you cannot use shell job control to manipulate the process. 
sudo -b [command]

(replace “command” with the command you want run in the background)

-p the sudo -p prompt command allows you to customize the password prompt that sudo displays when it requests the user’s password. By default, sudo will display a generic password prompt that looks like
sudo -p "Enter your password" [command]

(replace “command” with the command you want run in the background)

 -n The -n option allows sudo to execute a command without prompting for a password. This option is useful when running sudo commands as background jobs or in a shell script. The -n option stands for non-interactive.
sudo -n [command]

(replace “command” with the command you want run in the background)

-u The -u option causes sudo to run the specified command as a user other than root. To specify a UID instead of a username, use #uid.
sudo -u [user] [command]

(replace “command” with the command you want run in the background)

-s The -s option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in the file passwd.
sudo -s [command]

(replace “command” with the command you want run in the background)

-H The -H option sets the HOME environment variable to the home directory of the target user (root by default) as specified in passwd. By default, sudo does not modify HOME.
sudo -H [command]

(replace “command” with the command you want run in the background)

-S The -S option causes sudo to read the password from standard input instead of the terminal device.
sudo -S [command]

(replace “command” with the command you want run in the background)

-a The -a option causes sudo to use the specified authentication type when validating the user, as allowed by /etc/login.conf. The system administrator may specify a list of sudo-specific authentication methods by adding an “auth-sudo” entry in /etc/login.conf.
sudo -a [auth-type] [command]

(replace “command” with the command you want run in the background)

The — flag indicates that sudo should stop processing command line arguments. It is most useful in conjunction with the -s flag.
sudo -- [command]

(replace “command” with the command you want run in the background)

The output of few commands

1. -V: The -V (version) option causes sudo to print the version number and exit. If the invoking user is already root, the -V option will print out a list of the defaults sudo was compiled with. 
 

sudo -V

sudo -V

2. -l: The -l (list) option will print out the commands allowed (and forbidden) the user on the current host. 

sudo -l

sudo -l

3. -h or –help: The -h (help) option causes sudo to print a usage message and exit. 

sudo -h

sudo -h

Environment Variables

These environment variables are used by sudo 

Tag Description
EDITOR 
 
Default editor to use in -e (sudoedit) mode if VISUAL is not set 
 
HOME 
 
In -s or -H mode (or if sudo was configured with the 
–enable-shell-sets-home option), set to homedir of the target user 

 

PATH 
 
Set to a sane value if the secure_path sudoers option is set. 

 

SHELL 
 
Used to determine shell to run with -s option 

 

SUDO_PROMPT 
 
Used as the default password prompt 

 

SUDO_COMMAND 
 
Set to the command run by sudo 

 

SUDO_USER 
 
Set to the login of the user who invoked sudo 

 

SUDO_UID 
 
Set to the uid of the user who invoked sudo 

 

SUDO_GID 
 
Set to the gid of the user who invoked sudo 

 

SUDO_PS1 
 
If set, PS1 will be set to its value 

 

USER 
 
Set to the target user (root unless the -u option is specified) 

 

VISUAL 
 
Default editor to use in -e (sudoedit) mode 
 

Frequently asked Questions about `sudo` command

1) What is `sudo` in Linux?

Sudo is a command in Linux that allows users to run commands with privileges that only root user have. It helps users to do tasks with administrative power without logging in as the root user, though sometimes it can be risky.

2) Which Linux commands need `sudo` privileges?

There are many Linux commands that are needed to execute with sudo privileges such as networking commands, package management commands and system level commands. For example, commands that require sudo privileges to run are `yum`, `systemctl`, `mount`, `apt-get`, `fdisk` and `ifconfig`.

3) What can I run with sudo?

There are many Linux commands that require sudo privileges to run but one must remember to use it with caution as they can modify critical system configurations and files. To avoid consequences, we should check twice before running commands. Commands like:

  • Installing a new package: `sudo apt-get install package_name`
  • Updating the system: `sudo apt-get update && sudo apt-get upgrade`
  • Modifying system configurations: `sudo nano /etc/fstab`
  • Starting a system service: `sudo systemctl start service_name`
  • Stopping a system service: `sudo systemctl stop service_name`
  • Creating a new user account: `sudo useradd username`
  • Changing file permissions: `sudo chmod 755 file_name`

4) What is difference between su and sudo command in Linux?

In Linux, the su (switch user) command enables users to log in as another user, often the root user, and access their files and settings. In contrast, the sudo command enables users to run certain commands with increased privileges without logging in as the root user. Sudo is a more secure method of granting temporary root privileges to users.

5) How do I give and take user sudo access in Linux?

In Linux we can give or take `sudo` access by adding or removing the username from the file called `sudores`. To add username to the sudoers we need to run `sudo visudo` command and edit the file and add the line that will give access to user. For example: “username ALL=(ALL:ALL) ALL” gives the user complete access to the sudo command.

And We can disable a user’s sudo access by using the same command “sudo visudo” which will be used to edit the sudoers file and remove the line that gives them sudo access. Once the line is deleted, the user will no longer be able to use the sudo command to execute privileged commands.



Last Updated : 05 May, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads