In Ubuntu, certain commands require elevated privileges to execute, and that’s where the sudo command comes in.
As a prefix, sudo empowers users with proper permissions to run commands as the superuser, similar to the “run as administrator” option in Windows.
This flexibility allows for multiple administrators, making it easier to manage and maintain your Ubuntu system.
But have you ever wondered how sudo works, or how to use it? In this tutorial, we’ll get into the world of sudo, exploring its basics, configuration, and practical examples to help you master elevated privileges and take control of your Linux system.
How to use Sudo Command in Ubuntu
Basic Syntax
The general syntax for the sudo
command is:
sudo [options] command
For example, to update your system:
sudo apt update
Why Use Sudo?
- Safety: Prevents accidental misuse of root privileges.
- Auditability: Tracks commands executed with
sudo
in log files. - User-specific Permissions: Limits which commands each user can execute.
Common Sudo Commands
Update and Upgrade Your System
Before running these commands:
- Expect: You won’t be able to fetch package updates without elevated privileges.
- After Running: Your package manager fetches and installs the latest updates.
Commands:
sudo apt update
sudo apt upgrade
Install a Package
Before running:
- Expect: If you try installing a package without
sudo
, you’ll get a “Permission denied” error. - After Running: The specified package (e.g.,
nginx
) will be installed on your system.
Command:
sudo apt install nginx
Remove a Package
Command:
sudo apt remove <package_name>
- Before Running: The package will still occupy disk space and remain functional.
- After Running: The specified package will be removed from your system.
Example:
sudo apt remove nginx
Restart a Service
Command:
sudo systemctl restart <service_name>
- Before Running: The service might be unresponsive or outdated.
- After Running: The service restarts and reflects any recent changes or updates.
Example:
sudo systemctl restart apache2
Create a Directory with Root Privileges
Command:
sudo mkdir /restricted-folder
- Before Running: Without
sudo
, creating a directory in restricted locations like/
will fail. - After Running: The directory
/restricted-folder
is created successfully.
Change File Ownership
Command:
sudo chown <new_owner>:<new_group> <file_name>
Example:
sudo chown john:john /var/www/html/index.html
- Before Running: The file might be owned by another user or group.
- After Running: Ownership of the file is transferred to the specified user and group.
Sudo Options
Here are additional options for the sudo
command:
Option | Description |
---|---|
-h |
Display help for the sudo command. |
-l |
List allowed and forbidden commands for the user. |
-v |
Validate the user’s cached credentials (refresh the timeout). |
-i |
Start a new shell as the root user. |
-s |
Run the shell as the superuser. |
-k |
Invalidate the current cached credentials (force password prompt next time). |
-b |
Run the command in the background. |
-E |
Preserve the environment when running commands. |
--non-interactive |
Prevents sudo from prompting for a password (useful in scripts). |
Environment Variables with Sudo
Here’s a more detailed list of environment variables that sudo
respects:
Variable | Description |
---|---|
SUDO_USER |
The username of the user who invoked sudo . |
SUDO_UID |
The user ID of the invoking user. |
SUDO_GID |
The group ID of the invoking user. |
SUDO_COMMAND |
The last command executed with sudo . |
SUDO_ASKPASS |
Specifies a helper program for password prompts. |
PATH |
Determines the search path for commands executed with sudo . |
HOME |
The home directory of the invoking user, not the superuser. |
LOGNAME |
The login name of the invoking user. |
Advanced Examples of Sudo Commands
Running Commands as Another User
Command:
sudo -u <username> <command>
Example:
sudo -u john ls /home/john
- Before Running: You’re unable to access files in
/home/john
as your current user. - After Running: You can list files in
/home/john
as the userjohn
.
Preserve Environment Variables
Command:
sudo -E <command>
Example:
sudo -E env | grep USER </pre>
- Before Running: Without
-E
, your environment variables might not be preserved. - After Running: Your original environment variables remain intact during execution.
Execute a Background Task
Command:
sudo -b <command>
Example:
sudo -b sleep 60
- Before Running: The task (e.g., sleep) will block the terminal.
- After Running: The task runs in the background, freeing up your terminal for other commands.
Editing the Sudoers File
The sudoers
file controls who can use sudo
and which commands they can execute. To edit it, always use the visudo
command to avoid syntax errors.
Granting a User Sudo Privileges
Command:
sudo visudo
Add the following line:
john ALL=(ALL) ALL
- Before Adding: The user
john
cannot execute commands withsudo
. - After Adding:
john
can usesudo
to execute commands with superuser privileges.
Allowing Specific Commands Without a Password
Add this line to the sudoers
file:
john ALL=(ALL) NOPASSWD: /usr/bin/apt
- Before Adding:
john
is prompted for a password when runningsudo apt
. - After Adding:
john
can runsudo apt
without entering a password.
Checking Logs 📝
All sudo
activity is logged in /var/log/auth.log
. This is useful for debugging and monitoring unauthorized access attempts.
Command:
sudo tail -f /var/log/auth.log
Tips and Best Practices ✅
- Use Sudo Sparingly: Don’t use
sudo
unless necessary. Avoid running complex scripts as root. - Review Logs Regularly: Check
/var/log/auth.log
to monitor command execution, especially if multiple users have sudo privileges. - Restrict Permissions: Avoid giving
ALL
privileges unnecessarily. Use fine-grained permissions in thesudoers
file.
Did this guide help you? Share your favorite sudo
tips or questions in the comments below or contact us.
Want to read more Commands? Check out the top Ubuntu Networking commands and a list of the top Ubuntu Commands you need to know.