How to Use the sudo Command

Use Sudo Command

On most Linux systems, there are two basic types of user accounts: The root user (which also is called the “super user”) and the normal user.

The root user account is a special account that has full access to any program and all files on the system. A normal user account only has access to his/her own home directory, any commonly accessible programs and files and potentially any programs and files the user has been granted access to (by the root user).

This implies that there are programs and files to which a normal user does not have access by default. For example, a normal user can’t use the apt-get and dpkg package manager tools for installing or updating packages on a Debian/Ubuntu system. This type of user also can’t edit any global configuration files located in the “/etc” directory. There are many other situations just like these examples.

To allow normal users to do certain tasks with root user privileges, without giving them the root password, we can use the sudo tool.

With sudo, it is possible to grant users access to certain commands on certain hosts or simply grant them access to all that the root user can do. Sudo also logs every executed command to a log file (/var/log/auth.log), so the system administrator can keep an eye on what is done with sudo.

Sudo Configuration

To learn how to configure sudo for certain users and with certain restrictions, see these tutorials:

To find out exactly what sudo permissions you have on your system, run the following command:

sudo -l

This could result in the following output for the example user “john” on the “server1” host:

Matching Defaults entries for john on server1:
env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User john may run the following commands on server1:
(ALL : ALL) ALL

The last line means this user can execute sudo on all hosts as any target user for any command.

Sudo Command Options

This is a summary of the sudo command options we will use in this tutorial:

  • -l: list the permissions of the sudo invoking user
  • -u: run command as another user
  • -e: edit one or more files instead of executing a command
  • sudoedit is an alias for “sudo -e”

Sudo Command Examples

To run commands as the root user, you would use the following syntax:

sudo command

Lets install the “git” version control software using apt-get package manager. If we were to try this without using sudo:

apt-get install git

We would get this error message:

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

However, if we now add the sudo command before our previous command, we will get asked to fill in our own password first, after which the system will execute our command with the root user privileges:

sudo apt-get install git

With sudo, we also can run commands as a user other than root by using the -u option. This can be useful in cases when certain programs expect a certain user environment (i.e. for the mysql or postgres database users). The syntax for doing that is:

sudo -u username command

To run desktop (graphical windowing) applications as another user, we need to use the gksu command.

For example, we would open synaptic (the Debian/Ubuntu package manager frontend) like this from the command line (instead of going through the desktop menu system):

gksu synaptic

You would be prompted to enter your password in a graphical window, after which the command begin execution.

To edit a file as the root user instead of executing a command:

sudo -e /etc/hostname

You could have used the sudoedit command, which is simply a shortcut for sudo -e.

"sudoedit /etc/hostname"

Note that you can change the editor used as described here.

Alternatively you also could simply have executed your favorite editor:

sudo vim /etc/hostname

If you need to have root privileges for many different commands, sometimes it can be useful to become the root user. This command will only work if the invoking user has the rights for executing the su command (also referred to as substitute user, super user, or switch user). By default, without any other command line argument, this will elevate the current user to the root user of the local system.

su

Now you can do a series of tasks that require root user privileges. Be careful, however, not to wreak havoc with these persistent superpowers.

Advertiser Disclosure

HostingAdvice.com is a free online resource that offers valuable content and comparison services to users. To keep this resource 100% free, we receive compensation from many of the offers listed on the site. Along with key review factors, this compensation may impact how and where products appear across the site (including, for example, the order in which they appear). HostingAdvice.com does not include the entire universe of available offers. Editorial opinions expressed on the site are strictly our own and are not provided, endorsed, or approved by advertisers.

Our Editorial Review Policy

Our site is committed to publishing independent, accurate content guided by strict editorial guidelines. Before articles and reviews are published on our site, they undergo a thorough review process performed by a team of independent editors and subject-matter experts to ensure the content’s accuracy, timeliness, and impartiality. Our editorial team is separate and independent of our site’s advertisers, and the opinions they express on our site are their own. To read more about our team members and their editorial backgrounds, please visit our site’s About page.