sudo

system administrationLinux/Unix
The sudo command is one of the most frequently used commands in Linux/Unix-like operating systems. sudo Execute a command as another user

Quick Reference

Command Name:

sudo

Category:

system administration

Platform:

Linux/Unix

Basic Usage:

sudo [options] [arguments]

Common Use Cases

    Syntax

    sudo [options] [command]

    Options

    Option Description
    -A, --askpass Use a helper program for password prompting
    -b, --background Run command in the background
    -C, --close-from=num Close all file descriptors >= num
    -E, --preserve-env Preserve user environment when running command
    --preserve-env=list Preserve specific environment variables
    -e, --edit Edit files instead of running a command
    -g, --group=group Run command as the specified group name or ID
    -H, --set-home Set HOME variable to target user's home dir
    -h, --help Display help message and exit
    -h, --host=host Run command on host (if supported by plugin)
    -i, --login Run login shell as the target user; a login shell resets most environment variables
    -K, --remove-timestamp Remove timestamp file completely
    -k, --reset-timestamp Invalidate timestamp file
    -l, --list List user's privileges or check a specific command
    -n, --non-interactive Non-interactive mode, no prompts are used
    -P, --preserve-groups Preserve group vector instead of setting to target's
    -p, --prompt=prompt Use the specified password prompt
    -r, --role=role Create SELinux security context with specified role
    -S, --stdin Read password from standard input
    -s, --shell Run shell as the target user; a non-login shell
    -t, --type=type Create SELinux security context with specified type
    -T, --command-timeout=timeout Terminate command after the specified time limit
    -U, --other-user=user In list mode, display privileges for user
    -u, --user=user Run command (or edit file) as specified user name or ID
    -V, --version Display version information and exit
    -v, --validate Update user's timestamp without running a command

    Examples

    How to Use These Examples

    The examples below show common ways to use the sudo command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

    # Basic Examples Basic
    sudo apt update
    Run the apt update command with root privileges.
    sudo -u john ls -la /home/john
    Execute the ls command as user 'john'.
    sudo -s
    Start a shell with root privileges. # Advanced Examples Advanced # Run a command as root with specific environment variables sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade # Edit a system file with the default editor sudo -e /etc/hosts # Run a command as a different user and group sudo -u www-data -g www-data php test.php # Execute a command with a specific environment variable sudo -E npm install -g package # View the commands you're allowed to run with sudo sudo -l # Run a program with real and effective uid and gid of the target user sudo -i -u postgres psql # Run a command from a specific directory sudo -C /opt/app ./script.sh # Execute a command without allowing any further privilege escalation via sudo sudo -A -n make install # List privileges or check a specific command sudo -l -U otheruser sudo -l -U otheruser /usr/bin/apt # Reset the sudo timeout for password sudo -k # Preserve specific environment variables sudo -E env | grep PATH

    Try It Yourself

    Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

    Understanding Syntax

    Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

    Notes

    The `sudo` (superuser do) command is a powerful utility in Unix and Linux systems that allows users to run programs with the security privileges of another user, most commonly the superuser (root). It provides a more secure and granular approach to privilege escalation compared to alternatives like `su`. Unlike `su`, which requires the target user's password and provides full access to that user's privileges, `sudo` authenticates using the current user's password and grants only the specific privileges defined in the `/etc/sudoers` configuration file. This follows the principle of least privilege, giving users only the permissions they need for specific tasks rather than full superuser access. Key features of `sudo` include: 1. **Fine-grained Access Control**: System administrators can configure `sudo` to allow specific users or groups to run only certain commands as specific users, with or without a password, and with various restrictions. 2. **Logging**: All `sudo` commands are logged, creating an audit trail of privileged operations that can be essential for security monitoring and troubleshooting. 3. **Password Caching**: By default, `sudo` caches the user's password for a short period (typically 15 minutes), allowing multiple privileged commands to be executed without repeatedly entering the password. 4. **Environment Control**: `sudo` carefully controls which environment variables are passed to the executed command, preventing certain security vulnerabilities. 5. **Pluggable Authentication**: The authentication mechanisms in `sudo` are pluggable, allowing integration with various authentication systems beyond the standard Unix password system. Common use cases for `sudo` include: - System administration tasks like package management, service control, and configuration changes - Running applications that need elevated privileges for specific operations - Allowing non-administrative users to perform specific privileged tasks without giving them full root access - Providing a secure way for scripts to perform operations that require higher privileges - Creating a controlled environment for delegating system management tasks The `sudo` command is configured through the `/etc/sudoers` file, which should only be edited using the `visudo` command to prevent syntax errors that could lock users out of privileged operations. The configuration can specify who can run what commands as which users on which hosts, with extensive options for constraining these privileges. Properly configured, `sudo` plays a crucial role in the security posture of Unix and Linux systems, enabling the principle of least privilege while still allowing necessary administrative tasks to be performed efficiently.

    Related Commands

    These commands are frequently used alongside sudo or serve similar purposes:

    Use Cases

    Learn By Doing

    The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the sudo command works in different scenarios.

    $ sudo
    View All Commands