Sudo Command in Ubuntu with Examples

Share

In Ubuntu, certain commands require elevated privileges to execute, and that’s where the sudo command comes in.

As a prefix, sudo empowers users with proper permissions to run commands as the superuser, similar to the “run as administrator” option in Windows.

This flexibility allows for multiple administrators, making it easier to manage and maintain your Ubuntu system.

But have you ever wondered how sudo works, or how to use it? In this tutorial, we’ll get into the world of sudo, exploring its basics, configuration, and practical examples to help you master elevated privileges and take control of your Linux system.

How to use Sudo Command in Ubuntu

Basic Syntax

The general syntax for the sudo command is:

sudo [options] command

For example, to update your system:

sudo apt update

Why Use Sudo?

  • Safety: Prevents accidental misuse of root privileges.
  • Auditability: Tracks commands executed with sudo in log files.
  • User-specific Permissions: Limits which commands each user can execute.

Common Sudo Commands

Update and Upgrade Your System

Before running these commands:

  • Expect: You won’t be able to fetch package updates without elevated privileges.
  • After Running: Your package manager fetches and installs the latest updates.

Commands:

sudo apt update
sudo apt upgrade

Install a Package

Before running:

  • Expect: If you try installing a package without sudo, you’ll get a “Permission denied” error.
  • After Running: The specified package (e.g., nginx) will be installed on your system.

Command:

sudo apt install nginx

Remove a Package

Command:

sudo apt remove <package_name>
  • Before Running: The package will still occupy disk space and remain functional.
  • After Running: The specified package will be removed from your system.

Example:

sudo apt remove nginx

Restart a Service

Command:

sudo systemctl restart <service_name>
  • Before Running: The service might be unresponsive or outdated.
  • After Running: The service restarts and reflects any recent changes or updates.

Example:

sudo systemctl restart apache2

Create a Directory with Root Privileges

Command:

sudo mkdir /restricted-folder
  • Before Running: Without sudo, creating a directory in restricted locations like / will fail.
  • After Running: The directory /restricted-folder is created successfully.

Change File Ownership

Command:

sudo chown <new_owner>:<new_group> <file_name>

Example:

sudo chown john:john /var/www/html/index.html
  • Before Running: The file might be owned by another user or group.
  • After Running: Ownership of the file is transferred to the specified user and group.

Sudo Options

Here are additional options for the sudo command:

Option Description
-h Display help for the sudo command.
-l List allowed and forbidden commands for the user.
-v Validate the user’s cached credentials (refresh the timeout).
-i Start a new shell as the root user.
-s Run the shell as the superuser.
-k Invalidate the current cached credentials (force password prompt next time).
-b Run the command in the background.
-E Preserve the environment when running commands.
--non-interactive Prevents sudo from prompting for a password (useful in scripts).

Environment Variables with Sudo

Here’s a more detailed list of environment variables that sudo respects:

Variable Description
SUDO_USER The username of the user who invoked sudo.
SUDO_UID The user ID of the invoking user.
SUDO_GID The group ID of the invoking user.
SUDO_COMMAND The last command executed with sudo.
SUDO_ASKPASS Specifies a helper program for password prompts.
PATH Determines the search path for commands executed with sudo.
HOME The home directory of the invoking user, not the superuser.
LOGNAME The login name of the invoking user.

Advanced Examples of Sudo Commands

Running Commands as Another User

Command:

sudo -u <username> <command>

Example:

sudo -u john ls /home/john
  • Before Running: You’re unable to access files in /home/john as your current user.
  • After Running: You can list files in /home/john as the user john.

Preserve Environment Variables

Command:

sudo -E <command>

Example:

sudo -E env | grep USER </pre>

  • Before Running: Without -E, your environment variables might not be preserved.
  • After Running: Your original environment variables remain intact during execution.

Execute a Background Task

Command:

sudo -b <command>

Example:

sudo -b sleep 60
  • Before Running: The task (e.g., sleep) will block the terminal.
  • After Running: The task runs in the background, freeing up your terminal for other commands.

Editing the Sudoers File

The sudoers file controls who can use sudo and which commands they can execute. To edit it, always use the visudo command to avoid syntax errors.

Granting a User Sudo Privileges

Command:

sudo visudo

Add the following line:

john ALL=(ALL) ALL
  • Before Adding: The user john cannot execute commands with sudo.
  • After Adding: john can use sudo to execute commands with superuser privileges.

Allowing Specific Commands Without a Password

Add this line to the sudoers file:

john ALL=(ALL) NOPASSWD: /usr/bin/apt
  • Before Adding: john is prompted for a password when running sudo apt.
  • After Adding: john can run sudo apt without entering a password.

Checking Logs 📝

All sudo activity is logged in /var/log/auth.log. This is useful for debugging and monitoring unauthorized access attempts.

Command:

sudo tail -f /var/log/auth.log

Tips and Best Practices ✅

  1. Use Sudo Sparingly: Don’t use sudo unless necessary. Avoid running complex scripts as root.
  2. Review Logs Regularly: Check /var/log/auth.log to monitor command execution, especially if multiple users have sudo privileges.
  3. Restrict Permissions: Avoid giving ALL privileges unnecessarily. Use fine-grained permissions in the sudoers file.

Did this guide help you? Share your favorite sudo tips or questions in the comments below or contact us.

Want to read more Commands? Check out the top Ubuntu Networking commands and a list of the top Ubuntu Commands you need to know.