Linux sudo Command – Run Commands with Root Privileges

The sudo command is a special command used to execute normal user commands with root privileges without logging in as the root user. The term sudo is short for “SuperUser Do” or “substitute user do”. This is not a security problem because, in order to execute commands as root, the user must already have been granted the required privileges in the /etc/sudoers file. If not, the user cannot execute commands with root privileges. The sudo command is also used to run commands with a different user's privileges. The sudo command provides root or superuser privileges only for the current command or application. This means sudo provides temporary administrative rights to the current normal user.

sudo was created in 1980 but gained popularity in 1994 with the unofficial fork called “CU sudo”. Then, with further development fixing issues and problems, and integration with more Linux distributions, the name changed to “sudo”.

sudo Command Syntax

The sudo command is placed at the start of the command, which means root privileges are elevated before the command is executed.

sudo PARAMETER COMMAND 
  • PARAMETER is the sudo command parameters.
  • COMMAND is the command which will be executed with root or different user privilege.

sudo Parameters

Even though the sudo command has a lot of options or parameters, the most popular options are listed below.

PARAMETER   DESCRIPTION
-b          Run command background
-E          Preserve the environment
-h          Display help information
-l          List allowed commands
-n          Run non-interactive
-s          Run specified shell environment
-u          Run with specified user privileges other than root
-V          Print verbose or debug output

Display sudo Command Help Information

The sudo command provides the -h option to list help information with the available options. Alternatively, the long format of the -h option, which is --help, can also be used to print help.

$ sudo -h

Run Command with Root Privilege

According to its syntax, the sudo command can be used to run different commands with root privileges like below. In the following example, we will print the /etc/passwd content using the cat command. Normally the passwd file can only be read by the root user. The current user's password will be asked for authentication. After successful authentication, the password will be cached and will not be asked for again for a short period.

$ sudo cat /etc/passwd
[sudo] password for ismail:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin

Add User To Sudoers File

In order to use the sudo command, the current user should be added to the sudo configuration file named /etc/sudoers. This file stores the configuration of the sudo command, such as which users can run sudo and what privileges they are given. The sudoers file can be edited in different ways, for example with a regular text editor, but the visudo command is provided to edit the sudoers file in a safer way, because it checks the edited file when exiting.

$ sudo visudo

For example, we can skip the password prompt on every sudo command execution for the user ismail with the following line. With this line, the user ismail can run every command as root and as other users without being asked for a password.

ismail ALL=(ALL) NOPASSWD:ALL

In the following configuration we will enable the passwordless execution but restrict the commands the user can run. The user can only run the /bin/mkdir and /bin/rmdir commands. The commands should be provided with their full or absolute paths.

ismail ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

We can configure the sudo permissions for a specific Linux group. In the following example, we will give the admin group sudo privileges for all commands without a password. A group name is prefixed with the % sign.

%admin ALL=(ALL) NOPASSWD:ALL
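
The sudoers lines above differ mainly in how much they grant without a password. As an added example (not part of the original article), the following shell function scans sudoers-style lines and reports passwordless grants on ALL commands and commands listed without an absolute path. The function names, the finding labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_sudoers [FILE] prints one "LINE:FINDING" per risky entry.
# Reads standard input when no FILE is given.
audit_sudoers() {
    awk '
    /^[ \t]*(#|Defaults|[A-Za-z]+_Alias)/ { next }  # comments, Defaults, aliases
    !/=/ { next }                                   # not a user specification
    {
        spec = $0
        # Drop "user host = (runas)" so only tags and commands remain.
        sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)
        sub(/[ \t]+$/, "", spec)
        nopasswd = (spec ~ /NOPASSWD:/)
        gsub(/(NOPASSWD|PASSWD):[ \t]*/, "", spec)
        n = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (cmds[i] == "ALL") {
                if (nopasswd) print NR ":passwordless-all"
            } else if (cmds[i] !~ /^\//) {
                print NR ":relative-path " cmds[i]
            }
        }
    }' "$@"
}

# Constructed sample input modelled on the entries discussed in the article.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
ismail ALL=(ALL) NOPASSWD:ALL
ismail ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
%admin ALL=(ALL) NOPASSWD:ALL
ismail ALL=(ALL) NOPASSWD:mkdir
ismail ALL=(ALL) ALL
EOF
}

sample_sudoers | audit_sudoers
```

The restricted entry with absolute paths and the entry that still asks for a password produce no finding.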

List Sudoer User Privileges and Rights

The sudo command provides the -l option to list the current user's sudoers file configuration and privileges. This lists the secure paths for the current user, from which executables can be run securely. The commands available to the current user are also listed, like below.

$ sudo -l

Run Command As Different User

Even though the sudo command is mainly used for executing commands with root privileges, it can also be used to execute commands with a different user's privileges. The -u option takes the username as a parameter. In the following example, we will execute the mkdir command as the user ali.

$ sudo -u ali mkdir /home/ali/backup

Sudo Environment Variables

As a command line or bash tool, the sudo command comes with useful environment variables. These environment variables are used to set current users and new user environments.


SUDO_ASKPASS is used to enable or disable asking password for the user.

SUDO_COMMAND is set to the command executed by sudo.

SUDO_EDITOR is the editor used to edit sudoers file which is nano in most of the cases.

SUDO_PROMPT is used as the default password prompt.

SUDO_UID stores the user id of the user who invoked sudo command.

Sudo Command Examples

In this part, we will make some examples of popular use cases about the sudo command. In the following example, we will edit the index.html file with the www user privileges.

$ sudo -u www vim /var/www/html/index.html

$ sudo -u www vim /var/www/html/index.php

$ sudo -u www vim /var/www/html/index.cgi

In the following example, the log files about the system will be displayed. Normally these log files are only viewed by the root and admin users.

$ sudo -u adm cat /var/log/syslog

We can edit content in another user’s home directory, such as a file. In the following example, we will change a file which is owned by the user ahmet and stored in that user's home directory.

$ sudo -u ahmet vim /home/ahmet/names.txt

The system can be shut down by a normal user using the sudo command like below.

$ sudo shutdown

If you want to change a different user's password and do not want to log in as this user or as root, you can use sudo to change another user's password like below. In the following example, the password of the user named elif will be changed.

$ sudo -u elif passwd

Run Multiple Commands with sudo

A single sudo may run multiple commands in a single execution. This is mainly related to the bash features where a single line may contain multiple commands separated with ; characters.

$ sudo sh -c "cd /home/ismail; mkdir backup; cd backup; touch text.txt"

Multiple commands can also be executed with a different user's privileges like below.

$ sudo -u ismail sh -c "cd /home/ismail; mkdir backup; cd backup; touch text.txt"

Compare su vs sudo Command

su is another command which is used to change the current user into root or another user. It may seem that the su and sudo commands are the same, but they are not. The sudo command executes the given commands without changing the current user session, by changing only the privileges of the command execution. The su command, in contrast, directly changes the current user session into the other user, and you cannot perform operations as the previous user unless you change back to that user.


Messed Up with Sudoers File

You can edit the sudoers file in different ways, but the best way is to use the visudo command, which will open the sudoers file with a default text editor. If you create a regular text file and copy it as the sudoers file, and it contains a typing error, the sudoers file format will be corrupt and the sudoers file will not work. Please take the following suggestions into consideration when editing the sudoers file to prevent errors and malfunction.

  • Do not edit the sudoers file directly; use the visudo command, which will check the edited sudoers file when exiting.
  • If there is an error in the sudoers file and you cannot use the sudo command, use the su command, which will log in as the root user.
  • If you made an error in the sudoers file, cannot run the sudo command, and are using this system as a VM, just shut down the system, mount the disk file and change the sudoers file.
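
One way to apply the first suggestion when a change is prepared as a separate file, shown as an added example that is not from the original article: check the file with visudo's check mode (-c -f) before it is put in place, so a typing error is rejected instead of breaking sudo. The function name and the use of the /etc/sudoers.d drop-in directory (included by the default sudoers file on many distributions) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# install_sudoers_dropin SRC NAME [DIR]
#   Copies SRC to a staging file, checks it with "visudo -c -f", and only
#   then renames it to DIR/NAME with mode 0440. DIR defaults to
#   /etc/sudoers.d (an assumption; it must be included by /etc/sudoers).
install_sudoers_dropin() {
    src=$1
    name=$2
    dir=${3:-/etc/sudoers.d}

    # sudo ignores drop-in files whose names contain "." or end in "~",
    # so such a name would install a file that never takes effect.
    case $name in
        ""|*.*|*~|*/*)
            echo "invalid drop-in name: $name" >&2
            return 2 ;;
    esac

    # The staging name contains ".", so sudo never reads it while the
    # file is still unchecked.
    tmp=$(mktemp "$dir/.staged.XXXXXX") || return 1

    if cat "$src" > "$tmp" && chmod 0440 "$tmp" && visudo -c -f "$tmp"; then
        # Rename within the same directory: sudo sees either the old
        # state or the complete, checked file.
        mv -f "$tmp" "$dir/$name"
    else
        rm -f "$tmp"
        echo "rejected: $src did not pass the visudo check" >&2
        return 1
    fi
}

# Usage (as root), with a hypothetical file name:
#   install_sudoers_dropin ./ismail-dirs ismail-dirs
```

Keep a root shell open until `sudo -l` works in a second session, since a file that passes the syntax check can still grant less than intended.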
