The sudo command in Linux stands for “superuser do“, which allows an approved user to run a command as the superuser or another user, as specified by the security policy.
This is especially useful for performing tasks that require administrative privileges without logging in as the root user.
Setting Up sudo User in Linux
Before using sudo, you need to ensure it is set up correctly. Typically, sudo is pre-installed on most Linux distributions. If it’s not installed, you can install it using your package manager.
sudo apt install sudo [On Debian, Ubuntu and Mint] sudo yum install sudo [On RHEL/CentOS/Fedora and Rocky/AlmaLinux] sudo emerge -a sys-apps/sudo [On Gentoo Linux] sudo apk add sudo [On Alpine Linux] sudo pacman -S sudo [On Arch Linux] sudo zypper install sudo [On OpenSUSE] sudo pkg install sudo [On FreeBSD]
To allow a normal regular existing user to use sudo, you must add them to the sudo group.
sudo usermod -aG sudo username [On Debian systems] sudo usermod -aG wheel username [On RedHat systems]
Alternatively, you can create a new sudo user by using the adduser or useradd command.
Make sure to replace new_username with the actual username you want to grant sudo privileges to.
sudo adduser new_username OR sudo useradd new_username sudo passwd new_username
Once created, add the new user to the sudo group.
sudo usermod -aG sudo username [On Debian systems] sudo usermod -aG wheel username [On RedHat systems]
Switch to the new user and check if they have sudo access.
su - new_username sudo whoami
How to Use sudo in Linux
Once a user is added to the sudo group, they can use the sudo command to perform administrative tasks.
Basic sudo Usage
To use sudo, simply prepend it to the command you want to run with superuser privileges.
sudo apt update
When you run this command, you’ll be prompted to enter your user password. After entering the password, the command will execute with elevated privileges.
Running a Command as Another User
You can also use sudo to run a command as another user using the -u option followed by the username.
For example, to list files as the user ravi:
sudo -u ravi ls -l /home/ravi
Editing Files with sudo
To edit a system file with a text editor, you often need sudo privileges.
sudo nano /etc/hosts
Advanced sudo Configuration
The sudo command is highly configurable. You can customize its behavior by editing the /etc/sudoers file. It’s crucial to edit this file correctly to avoid configuration issues.
To edit /etc/sudoers file, always use the visudo command.
sudo visudo
Granting Specific Permissions
You can grant specific permissions to users or groups in the /etc/sudoers file. For example, to allow the user ravi to restart the Apache service without a password prompt, add the following line.
ravi ALL=(ALL) NOPASSWD: /usr/sbin/service apache2 restart
Restrict Access to Commands for Multiple Users
User aliases allow you to specify a list of users who share a common set of privileges, which is particularly useful when you want to grant the same level of access to multiple users.
For example, if you have a group of developers who need access to certain administrative commands, you can create a user alias for them.
User_Alias DEVELOPERS = user1, user2, user3
With this alias defined, you can then grant sudo privileges to all users in the DEVELOPERS alias.
DEVELOPERS ALL=(ALL) /usr/bin/apt
This line allows all users in the DEVELOPERS alias to run the apt command with sudo privileges.
Conclusion
The sudo command is an essential tool for managing a Linux system. It provides a secure way to perform administrative tasks without logging in as the root user.
Actually, the correct way to edit files with sudo is the command `sudoedit file` or `sudo -e file`. It needs the EDITOR environment variable to be set.
It runs your favorite editor (nano, kate, neovim, etc.) as an ordinary user but allows you to modify the root file in a secure way.
When you use `sudo nano`, you are running the editor as the root user, and that’s not good at all.
@Jorge,
Thanks for the tip! I’ll start using `sudoedit` for a more secure approach.
If you do not have ‘sudo’ pre-installed on your system, how can you use it to install ‘sudo” or to add a user to the sudo group?
@dragonmouth,
If you do not have sudo pre-installed on your system, you can still manage to install it or add a user to the sudo group by logging in as the root user.
Yes, I realize this but the install commands as given in the article will not work:
will generate a sudoers file error.
On the other hand, if you are using the root account to install sudo, the leading ‘sudo‘ in the command will generate a “sudo command not found” error.