How to Use the sudo Command

On most Linux systems, there are two basic types of user accounts: The root user (which also is called the “super user”) and the normal user.

The root user account is a special account that has full access to any program and all files on the system. A normal user account only has access to his/her own home directory, any commonly accessible programs and files and potentially any programs and files the user has been granted access to (by the root user).

This implies that there are programs and files to which a normal user does not have access by default. For example, a normal user can’t use the apt-get and dpkg package manager tools for installing or updating packages on a Debian/Ubuntu system. This type of user also can’t edit any global configuration files located in the “/etc” directory. There are many other situations just like these examples.

To allow normal users to do certain tasks with root user privileges, without giving them the root password, we can use the sudo tool.

With sudo, it is possible to grant users access to certain commands on certain hosts or simply grant them access to all that the root user can do. Sudo also logs every executed command to a log file (/var/log/auth.log), so the system administrator can keep an eye on what is done with sudo.

Sudo Configuration

To learn how to configure sudo for certain users and with certain restrictions, see these tutorials:

To find out exactly what sudo permissions you have on your system, run the following command:

This could result in the following output for the example user “john” on the “server1” host:

The last line means this user can execute sudo on all hosts as any target user for any command.

Sudo Command Options

This is a summary of the sudo command options we will use in this tutorial:

  • -llist the permissions of the sudo invoking user
  • -urun command as another user
  • -eedit one or more files instead of executing a command
  • sudoedit is an alias for “sudo -e”

Sudo Command Examples

To run commands as the root user, you would use the following syntax:

Lets install the “git” version control software using apt-get package manager. If we were to try this without using sudo:

We would get this error message:

However, if we now add the sudo command before our previous command, we will get asked to fill in our own password first, after which the system will execute our command with the root user privileges:

With sudo, we also can run commands as a user other than root by using the -u option. This can be useful in cases when certain programs expect a certain user environment (i.e. for the mysql or postgres database users). The syntax for doing that is:

To run desktop (graphical windowing) applications as another user, we need to use the gksu command.

For example, we would open synaptic (the Debian/Ubuntu package manager frontend) like this from the command line (instead of going through the desktop menu system):

You would be prompted to enter your password in a graphical window, after which the command begin execution.

To edit a file as the root user instead of executing a command:

You could have used the sudoedit command, which is simply a shortcut for sudo -e.

Note that you can change the editor used as described here.

Alternatively you also could simply have executed your favorite editor:

If you need to have root privileges for many different commands, sometimes it can be useful to become the root user. This command will only work if the invoking user has the rights for executing the su command (also referred to as substitute user, super user, or switch user). By default, without any other command line argument, this will elevate the current user to the root user of the local system.

Now you can do a series of tasks that require root user privileges. Be careful, however, not to wreak havoc with these persistent superpowers.

PJ Fancher

Questions or Comments? Ask PJ!

Ask a question and PJ will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.