sudo Command in Linux with Examples

sudo-Command-in-Linux.jpg

The sudo command in Linux bridges the gap between convenience and security. In Linux, the system requires elevated privileges to ensure system integrity and security. The sudo command allows only authorized users to perform administrative tasks without directly logging in as the root user, which adds a layer of safety by temporarily allowing higher privileges only when needed, reducing the risk of accidental or unauthorized system changes. Whether you are installing software or editing protected files, sudo is an important tool for system administrators and regular users alike.

Table of Contents:

What is the sudo Command in Linux?

The sudo command in Linux is often interpreted as Super User DO. It gives regular users temporary access to administrative privileges to perform the tasks that require high-level permissions, like installing software or modifying system files. It is similar to the run as administrator command in Windows. If the user is listed inside the /etc/sudoers file, and enters a valid password, users can execute commands without switching to the root user according to the permissions allotted.

Note: By default, the superuser is root.

Syntax of the sudo command in Linux

Below is the syntax of the sudo command in Linux

sudo [OPTIONS] COMMAND [ARGUMENTS...]

In the above syntax,

  • sudo is the command used to request the privileges of the superuser
  • OPTIONS are the flags that modify the behavior of sudo
  • COMMAND is the actual command you want to run as the superuser
  • ARGUMENTS are the additional parameters or flags
Master DevOps Today - Accelerate Your Future
Enroll Now and Transform Your Future
quiz-icon

Installing the sudo Command

The modern Linux system has the sudo command by default. To verify that the sudo package is installed in your system, follow the steps below.

  • Open your terminal
  • Type sudo and press Enter
  • If the sudo package is installed, a brief help message will appear, but if it is not present, you will see a message sudo: command not found.

You will get the following message if your system has the sudo package present.

Installing the sudo Command

To download the sudo package, manually use the following command.

1. Install sudo on RHEL, CentOS, Fedora, AlmaLinux, Rocky Linux

To install the sudo command on CentOS, Fedora, or any of the above, you can use the following command.

yum install sudo # For older systems
dnf install sudo # For newer systems

2. Install sudo on Debian and Ubuntu

To install the sudo command on Debian or Ubuntu, you can use the following command.

apt update
apt install sudo

Different Options of the sudo Command

There are many options available in the sudo command in Linux. Now, let us discuss some of them in detail.

1. -v

Normally, when you run the sudo command, your password is cached for a short period of time (usually 5 minutes), i.e., if you don’t use another sudo command within that period of time, you have to enter the password again. This option tells sudo to refresh or extend the current authentication timestamp, so that your authentication stays active for a longer period.

Below is the syntax of it:

sudo -v

2. -l

This option is used to list all the commands that the current user is allowed to run using sudo as its privileges. It is useful when you want to verify your sudo access rights, i.e., to verify the permissions and actions allowed to perform. It is used

  • By the system administrators to test the privileges of the configured user
  • By the user to verify what privileges are allowed

Below is the syntax of it:

sudo -l

3. -h or –help

This option shows a summary of all the sudo options and usage with their syntax and acts as a quick reference guide for a user.

Below is the syntax of it:

sudo -h

OR

sudo --help

4. -V

This command displays the version information about the sudo command. It provides the details like version number, security policies, configuration options, and so on. It is used when the user wants to see how sudo was compiled on your system (because different sudo versions have different features), or a system administrator wants to compare the environments across the servers.

Below is the syntax of it:

sudo -V

5. -k

This option cleans all the cached sudo credentials forcefully, due to which the user has to enter the password again when the sudo command is used. It is used for security purposes, when you want to end your session, and prevent other users from running your privileged commands.

Below is the syntax of it:

sudo -k

6. -K

This option completely removes the user’s cached credentials entirely, rather than -k. After this option, the system acts as if you are a new user and have never authenticated with the sudo command. You will be prompted for a password next time, regardless of the timeout.

Below is the syntax of it:

sudo -K

7. -b

This option runs the specified command in the background while allowing the user to continue using the terminal for any other activity. It is useful for running processes without blocking the terminal.

Below is the syntax of it:

sudo -b command

8. -p

This option allows you to customize the password prompt that appears when sudo prompts for a password. It maintains clarity and can be used for a security purpose to prevent unauthorized users from recognizing the prompt.

Below is the syntax of it:

sudo -p "Enter your password, %u on %h: "
  • %u will be replaced with the username.
  • %h is the hostname.

9. -n

This option allows the user to run the command without asking for a password if you have entered a sudo password recently, or the system does not require a password for the sudo command.

Below is the syntax of it:

sudo -n

10. -s

This option is used to start the shell with root privileges, using the default shell of the current user.

Below is the syntax of it:

sudo -s

11. -u

This option lets you run a command as another user by specifying a username. It allows you to run the command as another user. For example, for the command sudo whoami, run the shell as the root user, and for the command sudo -u akshat whoami, run the command as the user akshat.

Below is the syntax of it:

sudo -u <username>

12. -H

This option sets the HOME environment variable to the home directory of the target user. It is essential when the applications running are dependent on the HOME variables to store the configuration files.

Below is the syntax of it:

sudo -H

13. -S

This option stands for stdin password input and tells sudo to read the password without prompting them interactively. Normally, while running the sudo command, the password is entered interactively, but with the -S option password is entered silently instead of typing it when prompted.

Below is the syntax of it:

sudo -S

14. -a

This option is used to specify the authentication type, i.e., it lets you choose how you want to prove your identity, but only when your Linux system supports multiple ways to check your identity. Authentication methods, like in companies, can be password, fingerprint, or face recognition.

Below is the syntax of it:

sudo -a <type>

In the above syntax, type refers to the authentication method

15. -c

This option is used to run a command with a specified SELinux security context. SELinux (Security-Enhanced Linux) is a security module in Linux that enforces access control policies. These policies define what actions users can perform on different system resources.

Below is the syntax of it:

sudo -c "context"

In the above syntax, context refers to the SELinux context you want to apply

16. -P

This option tells sudo not to reset the PATH environment variable to a secure value before running the command. Normally, sudo overwrites some environment variables like PATH due to security reasons. But, using the -P command allows you to preserve your current PATH environment instead of switching to a secure one.

Below is the syntax of it:

sudo -P

Note: -P can be risky because it may expose the user to malicious PATH manipulation.

17. -r

This option allows you to specify a SELinux (Security-Enhanced Linux) role when running a command with sudo. Instead of allowing permissions only, SELinux also assigns an access control context to users, processes, and files.

Below is the syntax of it:

sudo -r <role>

18. —

This option ensures that any arguments following — are treated as a part of the command being run, not as options to sudo. It is useful when the command you are running has options that look like sudo options (e.g., -h, -l, -v, etc.).

Below is the syntax of it:

sudo -- <command> [command-options]

Get 100% Hike!

Master Most in Demand Skills Now!

19. -g

This option is used to run a command as if it were executed by a specific group, not just a specific user. It allows the user to change the group ID of the process started, which makes it useful when file access or permissions depend on the ownership.

Below is the syntax of it:

sudo -g group_name_or_gid command

In the above syntax, group_name_or_gid is the name or the number of the group you want to run.

What is sudo su?

The sudo su command in Linux is used to switch to the root user, giving you full privileges of the administrator, just like the root user. sudo su is made up of two words containing

  • sudo gives you root access to users who are authorized in the /etc/sudoers file.
  • su stands for substitute user, or switch user, and is used to switch to the root user by default.

Below is the syntax of the sudo su command in Linux

sudo su

Difference Between sudo and sudo su

Feature sudo sudo su
Purpose Runs a single command with root privileges Starts a new shell as the root user
Behavior Executes the given command as root, then returns to the current user Switches to root and remains logged in as root until you exit
Security More secure, as it limits the time spent as root Less secure if you forget to exit the root shell
Shell Environment Stays in the current user’s environment Switches to the root’s shell environment

Environment Variables

Environment variables are the values stored in the shell’s environment. They affect the behaviour of the process and programs running in Linux and are used to store the values such as the current user’s name, home directory, default shell, path locations, and more.

Some of the commonly used environment variables are

Variable Description
EDITOR The default text editor for sudoedit (-e) mode, if VISUAL is not set.
VISUAL It is the preferred text editor for sudoedit mode and takes priority over EDITOR.
HOME The home directory set for the target user when using -s (shell) or -H (set home) mode.
PATH It defines where the system looks for commands. sudo sets this to a safe path if secure_path is enabled in the sudoers file.
SHELL It is used by sudo -s to decide which shell to run.
SUDO_PROMPT It customizes the password prompt shown when using sudo.
SUDO_USER It stores the username of the person who originally ran the sudo command.
SUDO_COMMAND The exact command that was run with sudo.
SUDO_UID The user ID (UID) of the user who ran sudo.
SUDO_GID The group ID (GID) of the user who ran sudo.
SUDO_PS1 If set, this becomes the shell prompt (PS1) for the target shell session.
USER It sets the target user unless changed using -u.

Granting sudo Access

To perform administrative tasks in Linux, a user needs some powerful privileges. The sudo command in Linux allows the user to execute tasks as the root user without logging in as the root directly. By default, not every user has this access, and you have to explicitly grant a user the sudo privilege by adding the user to the sudoers or to the sudo group, as per the Linux distribution.

1. Adding a User to the sudoers File

You can manually add a user to the sudoers file by using the visudo command, which is used to safely edit the sudoers file and check for syntax errors. You can use the following line to add a user to the sudoers

username ALL=(ALL:ALL) ALL

This allows the user to run all the commands as any user.

2. Adding a User to the sudo Group

Mainly, most of the modern Linux distributions like Ubuntu use the sudo group to manage sudo access. You can use the below line to add a user to the group

sudo usermod -aG sudo username

By using the above command, the user will be able to use the sudo command.

Verifying sudo Privilege of a User

Once a user is successfully granted sudo privileges, it is important to verify whether they can access the sudo command and what privileges they have. You can verify the sudo privileges using the options below

1. Checking the Current Login User

If you’re logged in and want to verify your own sudo access, run the following command

sudo -v

After the above command gives no errors and asks for a password, you have sudo privileges.

Also, you can use the following command without any errors. If the output becomes root, you have sudo privileges.

sudo whoami

2. Checking an Arbitrary User

To check whether another user has sudo access, use the following command

sudo -l -U username

The above command will list all the commands specified to the user. If the user is not a member of the sudo group, a message is displayed stating that they are not allowed to run sudo.

Unlock Your Future in Linux
Start Your Linux Journey Today
quiz-icon

Conclusion

The sudo command in Linux is an essential tool that bridges the gap between convenience and security. It allows temporary privileges and helps users to perform administrative tasks without needing full-time root access. It has a wide range of options, from specifying alternate users and groups to customizing environment variables, which offer control over permissions that are granted and used.

If you want to learn more about the sudo command in Linux, you can refer to our Linux Course, which will help you gain hands-on, real experience.

sudo command in Linux – FAQs

Q1. What is the sudo command in Linux?

The sudo command in Linux stands for “superuser do” or “substitute user do”, and it allows a user to execute commands with the security privileges of another user.

Q2. What is the sudo Su command used for?

Su is a command-line utility and stands for switch user or substitute user. Like sudo, the utility enables a user to run commands under a different account.

Q3. When to use sudo?

Use sudo when you need temporary administrative privileges to run protected or system-level commands.

Q4. What is the full form of sudo?

The full form of “sudo” is “superuser do”

Q5. What is the root in Linux?

In Linux, “root” refers to a special user account with the highest level of system privileges, also known as the superuser or administrator account.

Q6. What ID is root?

The root user has a user ID (UID) of 0 in Linux systems.

Full Stack Development