Several actions are exclusively available to superusers in Linux and are frequently prefixed with the sudo (Super User DO) command. A user with the necessary permissions can perform any command with the letter “sudo” as another user, such as the superuser. The “run as administrator” option in Windows is equivalent to this. Since sudo exists, we can have several administrators.
Sudo Command in Linux
An application for Unix and Unix-based operating systems, including Linux and macOS, is called sudo. To enable individuals or user groups to execute commands restricted for usage under ordinary accounts, the utility offers an effective solution to provide them privileged access to system resources temporarily.
The most powerful Unix-like system, the root account, can even be given access to execute commands. To enable administrators to monitor user behavior, sudo also records all commands and parameters.
How to use the Sudo Command in Linux
In Linux, the sudo command enables authorized users to execute tasks with root or administrative capabilities. Using the configuration file (/etc/sudoers
) offers an opportunity to run commands as the superuser or another user that has been selected. How to use the sudo command is as follows:
Grant Sudo Access to Users
The sudoers file, which controls who has administrative rights on a Linux system, must usually be modified to grant people sudo access. The following steps will show you how to give people sudo access:
- Enter the system using a user account with sudo access or already set up as a sudoer. And Start a shell or terminal session.
- Running the sudo visudo command to access the sudoers configuration file with syntax checking enabled.
- Identify the area of the sudoers file where people are given sudo access. Usually, the line
%sudo
or%admin
precedes this section. - Add the following line to the file, substituting
<username>
with the desired user’s real username if you wish to give them sudo access:<username> ALL=(ALL: ALL) ALL
. - Locate the relevant line in the file, uncomment it (and, if necessary, delete it # at the line’s beginning), and then provide sudo access to the desired set of users. Debian-based systems employ the sudo or admin group by default, whereas Ubuntu uses the sudo group.
- Close the sudoers file after saving it. Ctrl+X, Y, and Enter are generally the steps you need to use in Visudo to save changes.
- Having sudo access for the user or group is now complete. With root rights, they may carry out administrative actions using the sudo command.
Sudo Command: Syntax and Options
It allows users to execute privileged tasks without clearly logging in as the root user. The sudo command’s fundamental syntax is as follows:
-p prompt
: create a personalized password prompt with an optional escape sequence.-u or --user=user
: gives instructions on which used to perform the command as. For instance,sudo -u john
ls will execute the command “ls” as the user “john.”-g or --group=group
: executes the command using the provided group’s permissions. For instance,sudo -g staff
ls executes the ls command with the “staff” group’s permissions.-s or --shell
: Starts the shell supplied in the sudoers file or by the SHELL environment variable, if appropriate.-E or --preserve-env
: maintains the user environment while the command is being run.-l or --list
: lists the commands that the person who is calling the command is permitted to use.-k or --reset-timestamp
: When you use sudo again, it will request your password again because the timestamp has been reset.
Sudo Command in Linux: Examples
In Linux, a user with the necessary credentials can run a command as the superuser or another user by using the sudo command. Here are some instances of the sudo command in action:
Run a Command as a Root user
The “sudo” command is used in the majority of Unix-like operating systems, including Linux, to grant authorized users the ability to execute commands or programs with root security privileges. Make use of the “sudo” operation or command or function in the manner that follows:
- Launch the command prompt or terminal. Then key in “sudo” before typing the command you wish to run as the root user.
- Examples include sudo command_name
- The actual command you wish to run should be substituted for “command_name“.
- The Enter key. The system will request your password entry. Specify the user account’s password before pressing the Enter key.
Execute a Command As a Different User
You may use the sudo command on Unix-like systems to run a command as a different user.
sudo -u username command
- Replace the username with the username of the user you want to execute the command as, and replace the command with the actual command you want to run.
- Before the command is run as the chosen user, you must input your own password (if you have sudo rights).
- Using the following command, for instance, will execute the
whoami
command as the user “user”
sudo -u user whoami
Execute a Program in the Background
To stop the procedure, use Ctrl + Z.
To continue the operation in the background, type the bg command.
The ampersand sign (&) should be used after a command to execute it in the background:
command &
Enter is required to carry out the command. You can use the terminal or command prompt for other activities after the program has begun to operate in the background.
Basic Sudo Command Troubleshooting
Here are some straightforward sudo command troubleshooting suggestions you might use:
Double-check your syntax: Make sure you are accurately entering the sudo command. The command you wish to run with administrator rights must come after it. For instance: sudo command
Verify your user’s sudo access: Check to see if your user account has sudo access. By default, only members of the sudo group and the root user are permitted to use sudo to run commands. Run the following command to examine your sudo access: sudo -v
.
Input the correct password: The sudo command will ask you for your password before it is executed. Ensure you use the correct password for your user account when entering it.
Check the sudoers file: The sudo configuration file, referred to as sudoers, regulates which individuals or groups have sudo access and the commands they are permitted to execute. Use the visudo command, which offers a secure means to edit the file, to check the file: sudo visudo.
Inspect file permissions: Check the permissions on the file or directory if you have problems with that particular file or directory. You may view the permissions with the ls -l command. Make the file or directory accessible to the person using the sudo command.
Debug sudo configuration: You can activate sudo debugging if the previous methods don’t address the problem. Edit the sudoers file using sudo visudo, then add the final line: Defaults syslog=auth_debug.
After saving the file, try executing the sudo command once more. For thorough details on any sudo-related failures or warnings, consult the system logs (/var/log/auth.log
on Ubuntu).
Sudo Command Best Practices
Limit sudo access: Only trustworthy users who need administrative access should be given sudo rights. Give normal users sudo rights only when essential.
Use the principle of least privilege: Give users the minimal sudo rights required to complete their duties. Access control reduces the possibility of accidental or purposeful misuse.
Configure sudoers file: To specify sudo permissions, use the visudo command to edit the sudoers file (/etc/sudoers or /etc/sudoers.d/*
). This guarantees accurate syntax checking and avoids unintentional setup errors. Avoid making direct changes to the sudoers file.
Implement strong passwords: To prevent unauthorized access, mandate strong passwords for accounts with sudo access. Users should be encouraged to use strong, complicated, and often changed passwords.
Enable two-factor authentication (2FA): If 2FA is an option, you may use it to provide sudo access. Forcing users to submit a second form of authentication, such as a hardware token or a time-based one-time password (TOTP), adds an extra layer of protection.
Use sudo -i or sudo -s when necessary: It’s often advised to use sudo -i
or sudo -s
rather than issuing individual sudo commands when running a shell as the root user or conducting several sudo tasks. These solutions offer a safer and cleaner environment.
Regularly update and patch: Utilize the newest security patches and upgrades to keep your system current. To take advantage of security upgrades and bug fixes, often check for sudo package updates and install them right away.
What command starts a background process?
To stop the procedure, use the Ctrl + Z keys. To continue the operation in the background, type the bg command.
With examples, describe the Linux sudo command.
Any command with the “sudo” prefix will be launched with elevated privileges, allowing a user with the necessary rights to run it as another user, such as the superuser. This corresponds to Windows’s “run as administrator” choice, feature, or option.
Why is sudo used in Linux?
Your system administrators can provide particular users —or groups of users —the authority to execute commands as root via sudo. All instructions and arguments will be recorded as part of your security and compliance routine, which is crucial. A sudo security policy should be set up to log activities.