The sudo command in Linux bridges the gap between convenience and security. In Linux, the system requires elevated privileges to ensure system integrity and security. The sudo command allows only authorized users to perform administrative tasks without directly logging in as the root user, which adds a layer of safety by temporarily allowing higher privileges only when needed, reducing the risk of accidental or unauthorized system changes. Whether you are installing software or editing protected files, sudo is an important tool for system administrators and regular users alike.
Table of Contents:
What is the sudo Command in Linux?
The sudo command in Linux is often interpreted as Super User DO. It gives regular users temporary access to administrative privileges to perform the tasks that require high-level permissions, like installing software or modifying system files. It is similar to the run as administrator command in Windows. If the user is listed inside the /etc/sudoers file, and enters a valid password, users can execute commands without switching to the root user according to the permissions allotted.
Note: By default, the superuser is root.
Syntax of the sudo command in Linux
Below is the syntax of the sudo command in Linux
sudo [OPTIONS] COMMAND [ARGUMENTS...]
In the above syntax,
- sudo is the command used to request the privileges of the superuser
- OPTIONS are the flags that modify the behavior of sudo
- COMMAND is the actual command you want to run as the superuser
- ARGUMENTS are the additional parameters or flags
Master DevOps Today - Accelerate Your Future
Enroll Now and Transform Your Future
Installing the sudo Command
The modern Linux system has the sudo command by default. To verify that the sudo package is installed in your system, follow the steps below.
- Open your terminal
- Type sudo and press Enter
- If the sudo package is installed, a brief help message will appear, but if it is not present, you will see a message sudo: command not found.
You will get the following message if your system has the sudo package present.
To download the sudo package, manually use the following command.
1. Install sudo on RHEL, CentOS, Fedora, AlmaLinux, Rocky Linux
To install the sudo command on CentOS, Fedora, or any of the above, you can use the following command.
yum install sudo # For older systems
dnf install sudo # For newer systems
2. Install sudo on Debian and Ubuntu
To install the sudo command on Debian or Ubuntu, you can use the following command.
apt update
apt install sudo
Different Options of the sudo Command
There are many options available in the sudo command in Linux. Now, let us discuss some of them in detail.
1. -v
Normally, when you run the sudo command, your password is cached for a short period of time (usually 5 minutes), i.e., if you don’t use another sudo command within that period of time, you have to enter the password again. This option tells sudo to refresh or extend the current authentication timestamp, so that your authentication stays active for a longer period.
Below is the syntax of it:
sudo -v
2. -l
This option is used to list all the commands that the current user is allowed to run using sudo as its privileges. It is useful when you want to verify your sudo access rights, i.e., to verify the permissions and actions allowed to perform. It is used
- By the system administrators to test the privileges of the configured user
- By the user to verify what privileges are allowed
Below is the syntax of it:
sudo -l
3. -h or –help
This option shows a summary of all the sudo options and usage with their syntax and acts as a quick reference guide for a user.
Below is the syntax of it:
sudo -h
OR
sudo --help
4. -V
This command displays the version information about the sudo command. It provides the details like version number, security policies, configuration options, and so on. It is used when the user wants to see how sudo was compiled on your system (because different sudo versions have different features), or a system administrator wants to compare the environments across the servers.
Below is the syntax of it:
sudo -V
5. -k
This option cleans all the cached sudo credentials forcefully, due to which the user has to enter the password again when the sudo command is used. It is used for security purposes, when you want to end your session, and prevent other users from running your privileged commands.
Below is the syntax of it:
sudo -k
6. -K
This option completely removes the user’s cached credentials entirely, rather than -k. After this option, the system acts as if you are a new user and have never authenticated with the sudo command. You will be prompted for a password next time, regardless of the timeout.
Below is the syntax of it:
sudo -K
7. -b
This option runs the specified command in the background while allowing the user to continue using the terminal for any other activity. It is useful for running processes without blocking the terminal.
Below is the syntax of it:
sudo -b command
8. -p
This option allows you to customize the password prompt that appears when sudo prompts for a password. It maintains clarity and can be used for a security purpose to prevent unauthorized users from recognizing the prompt.
Below is the syntax of it:
sudo -p "Enter your password, %u on %h: "
- %u will be replaced with the username.
- %h is the hostname.
9. -n
This option allows the user to run the command without asking for a password if you have entered a sudo password recently, or the system does not require a password for the sudo command.
Below is the syntax of it:
sudo -n
10. -s
This option is used to start the shell with root privileges, using the default shell of the current user.
Below is the syntax of it:
sudo -s
11. -u
This option lets you run a command as another user by specifying a username. It allows you to run the command as another user. For example, for the command sudo whoami, run the shell as the root user, and for the command sudo -u akshat whoami, run the command as the user akshat.
Below is the syntax of it:
sudo -u <username>
12. -H
This option sets the HOME environment variable to the home directory of the target user. It is essential when the applications running are dependent on the HOME variables to store the configuration files.
Below is the syntax of it:
sudo -H
13. -S
This option stands for stdin password input and tells sudo to read the password without prompting them interactively. Normally, while running the sudo command, the password is entered interactively, but with the -S option password is entered silently instead of typing it when prompted.
Below is the syntax of it:
sudo -S
14. -a
This option is used to specify the authentication type, i.e., it lets you choose how you want to prove your identity, but only when your Linux system supports multiple ways to check your identity. Authentication methods, like in companies, can be password, fingerprint, or face recognition.
Below is the syntax of it:
sudo -a <type>
In the above syntax, type refers to the authentication method
15. -c
This option is used to run a command with a specified SELinux security context. SELinux (Security-Enhanced Linux) is a security module in Linux that enforces access control policies. These policies define what actions users can perform on different system resources.
Below is the syntax of it:
sudo -c "context"
In the above syntax, context refers to the SELinux context you want to apply
16. -P
This option tells sudo not to reset the PATH environment variable to a secure value before running the command. Normally, sudo overwrites some environment variables like PATH due to security reasons. But, using the -P command allows you to preserve your current PATH environment instead of switching to a secure one.
Below is the syntax of it:
sudo -P
Note: -P can be risky because it may expose the user to malicious PATH manipulation.
17. -r
This option allows you to specify a SELinux (Security-Enhanced Linux) role when running a command with sudo. Instead of allowing permissions only, SELinux also assigns an access control context to users, processes, and files.
Below is the syntax of it:
sudo -r <role>
18. —
This option ensures that any arguments following — are treated as a part of the command being run, not as options to sudo. It is useful when the command you are running has options that look like sudo options (e.g., -h, -l, -v, etc.).
Below is the syntax of it:
sudo -- <command> [command-options]
Get 100% Hike!
Master Most in Demand Skills Now!
19. -g
This option is used to run a command as if it were executed by a specific group, not just a specific user. It allows the user to change the group ID of the process started, which makes it useful when file access or permissions depend on the ownership.
Below is the syntax of it:
sudo -g group_name_or_gid command
In the above syntax, group_name_or_gid is the name or the number of the group you want to run.
What is sudo su?
The sudo su command in Linux is used to switch to the root user, giving you full privileges of the administrator, just like the root user. sudo su is made up of two words containing
- sudo gives you root access to users who are authorized in the /etc/sudoers file.
- su stands for substitute user, or switch user, and is used to switch to the root user by default.
Below is the syntax of the sudo su command in Linux
sudo su
Difference Between sudo and sudo su
| Feature |
sudo |
sudo su |
| Purpose |
Runs a single command with root privileges |
Starts a new shell as the root user |
| Behavior |
Executes the given command as root, then returns to the current user |
Switches to root and remains logged in as root until you exit |
| Security |
More secure, as it limits the time spent as root |
Less secure if you forget to exit the root shell |
| Shell Environment |
Stays in the current user’s environment |
Switches to the root’s shell environment |
Environment Variables
Environment variables are the values stored in the shell’s environment. They affect the behaviour of the process and programs running in Linux and are used to store the values such as the current user’s name, home directory, default shell, path locations, and more.
Some of the commonly used environment variables are
| Variable |
Description |
| EDITOR |
The default text editor for sudoedit (-e) mode, if VISUAL is not set. |
| VISUAL |
It is the preferred text editor for sudoedit mode and takes priority over EDITOR. |
| HOME |
The home directory set for the target user when using -s (shell) or -H (set home) mode. |
| PATH |
It defines where the system looks for commands. sudo sets this to a safe path if secure_path is enabled in the sudoers file. |
| SHELL |
It is used by sudo -s to decide which shell to run. |
| SUDO_PROMPT |
It customizes the password prompt shown when using sudo. |
| SUDO_USER |
It stores the username of the person who originally ran the sudo command. |
| SUDO_COMMAND |
The exact command that was run with sudo. |
| SUDO_UID |
The user ID (UID) of the user who ran sudo. |
| SUDO_GID |
The group ID (GID) of the user who ran sudo. |
| SUDO_PS1 |
If set, this becomes the shell prompt (PS1) for the target shell session. |
| USER |
It sets the target user unless changed using -u. |
Granting sudo Access
To perform administrative tasks in Linux, a user needs some powerful privileges. The sudo command in Linux allows the user to execute tasks as the root user without logging in as the root directly. By default, not every user has this access, and you have to explicitly grant a user the sudo privilege by adding the user to the sudoers or to the sudo group, as per the Linux distribution.
1. Adding a User to the sudoers File
You can manually add a user to the sudoers file by using the visudo command, which is used to safely edit the sudoers file and check for syntax errors. You can use the following line to add a user to the sudoers
username ALL=(ALL:ALL) ALL
This allows the user to run all the commands as any user.
2. Adding a User to the sudo Group
Mainly, most of the modern Linux distributions like Ubuntu use the sudo group to manage sudo access. You can use the below line to add a user to the group
sudo usermod -aG sudo username
By using the above command, the user will be able to use the sudo command.
Verifying sudo Privilege of a User
Once a user is successfully granted sudo privileges, it is important to verify whether they can access the sudo command and what privileges they have. You can verify the sudo privileges using the options below
1. Checking the Current Login User
If you’re logged in and want to verify your own sudo access, run the following command
sudo -v
After the above command gives no errors and asks for a password, you have sudo privileges.
Also, you can use the following command without any errors. If the output becomes root, you have sudo privileges.
sudo whoami
2. Checking an Arbitrary User
To check whether another user has sudo access, use the following command
sudo -l -U username
The above command will list all the commands specified to the user. If the user is not a member of the sudo group, a message is displayed stating that they are not allowed to run sudo.
Unlock Your Future in Linux
Start Your Linux Journey Today
Conclusion
The sudo command in Linux is an essential tool that bridges the gap between convenience and security. It allows temporary privileges and helps users to perform administrative tasks without needing full-time root access. It has a wide range of options, from specifying alternate users and groups to customizing environment variables, which offer control over permissions that are granted and used.
If you want to learn more about the sudo command in Linux, you can refer to our Linux Course, which will help you gain hands-on, real experience.
sudo command in Linux – FAQs
Q1. What is the sudo command in Linux?
The sudo command in Linux stands for “superuser do” or “substitute user do”, and it allows a user to execute commands with the security privileges of another user.
Q2. What is the sudo Su command used for?
Su is a command-line utility and stands for switch user or substitute user. Like sudo, the utility enables a user to run commands under a different account.
Q3. When to use sudo?
Use sudo when you need temporary administrative privileges to run protected or system-level commands.
Q4. What is the full form of sudo?
The full form of “sudo” is “superuser do”
Q5. What is the root in Linux?
In Linux, “root” refers to a special user account with the highest level of system privileges, also known as the superuser or administrator account.
Q6. What ID is root?
The root user has a user ID (UID) of 0 in Linux systems.