The sudo (short for “superuser do”) command allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. This is critical for performing tasks that require higher privileges, such as installing software, modifying system files, or managing user accounts.
Initial Example
To use sudo, simply prefix the command you want to run with sudo:
sudo command
SUDO Paramaters
| Parameter | Description |
|---|---|
-A | Use the askpass helper to prompt for the password. |
-b | Run the command in the background. |
-c class | Run the command with the specified SELinux security context. |
-H | Set the HOME environment variable to the home directory of the target user. |
-i | Start a login shell as the target user. |
-K | Invalidate the timestamp file, forcing a password prompt the next time sudo is run. |
-k | Invalidate the timestamp file, but do not prompt for a password. |
-l | List the allowed and forbidden commands for the invoking user. |
-n | Avoid prompting for a password. If a password is required, the command will fail. |
-p prompt | Use the specified prompt instead of the default password prompt. |
-S | Read the password from standard input. |
-s | Run the shell specified by the SHELL environment variable, or the shell listed in the passwd entry of the target user. |
-u user | Run the command as the specified user (default is root). |
-v | Update the user’s timestamp without running a command. |
--help | Display help information and exit. |
--preserve-env | Preserve the current environment when running the command. |
--reset-timestamp | Reset the user’s timestamp without running a command. |
--version | Show version information and exit. |
Examples
1. Running a Command as Superuser
To run a command with superuser privileges, prefix it with sudo:
sudo apt install package_name
2. Editing System Files
If you need to edit system configuration files, you can use sudo with a text editor. For example, to edit the hosts file with nano:
sudo nano /etc/hosts
3. Switching to Another User
You can also use sudo to run commands as another user with the -u option. For example, to switch to the user john:
sudo -u john command
4. Managing User Privileges
To manage user privileges, you’ll often edit the sudoers file. This is typically done with the visudo command, which ensures syntax correctness. Open the sudoers file with:
sudo visudo
5. Running a Command Without Password
To run a command without being prompted for a password, add the NOPASSWD directive in the sudoers file. For example:
username ALL=(ALL) NOPASSWD: /path/to/command
6. Setting a Timeout for Password Cache
By default, sudo caches your credentials for a period of time. To change this timeout, edit the sudoers file and set the timestamp_timeout parameter. For example, to set it to 15 minutes:
Defaults timestamp_timeout=15
7. Viewing Logs
To view a record of commands run with sudo, check the log file, usually found at /var/log/auth.log. Use a command like:
sudo tail /var/log/auth.log