In Ubuntu, certain commands require elevated privileges to execute, and that’s where the sudo command comes in.
As a prefix, sudo empowers users with proper permissions to run commands as the superuser, similar to the “run as administrator” option in Windows.
This flexibility allows for multiple administrators, making it easier to manage and maintain your Ubuntu system.
But have you ever wondered how sudo works, or how to use it? In this tutorial, we’ll get into the world of sudo, exploring its basics, configuration, and practical examples to help you master elevated privileges and take control of your Linux system.
How to use Sudo Command in Ubuntu
Basic Syntax
The general syntax for the sudo command is:
sudo [options] command
For example, to update your system:
sudo apt update
Why Use Sudo?
- Safety: Prevents accidental misuse of root privileges.
- Auditability: Tracks commands executed with
sudoin log files. - User-specific Permissions: Limits which commands each user can execute.
Common Sudo Commands
Update and Upgrade Your System
Before running these commands:
- Expect: You won’t be able to fetch package updates without elevated privileges.
- After Running: Your package manager fetches and installs the latest updates.
Commands:
sudo apt update
sudo apt upgrade
Install a Package
Before running:
- Expect: If you try installing a package without
sudo, you’ll get a “Permission denied” error. - After Running: The specified package (e.g.,
nginx) will be installed on your system.
Command:
sudo apt install nginx
Remove a Package
Command:
sudo apt remove <package_name>
- Before Running: The package will still occupy disk space and remain functional.
- After Running: The specified package will be removed from your system.
Example:
sudo apt remove nginx
Restart a Service
Command:
sudo systemctl restart <service_name>
- Before Running: The service might be unresponsive or outdated.
- After Running: The service restarts and reflects any recent changes or updates.
Example:
sudo systemctl restart apache2
Create a Directory with Root Privileges
Command:
sudo mkdir /restricted-folder
- Before Running: Without
sudo, creating a directory in restricted locations like/will fail. - After Running: The directory
/restricted-folderis created successfully.
Change File Ownership
Command:
sudo chown <new_owner>:<new_group> <file_name>
Example:
sudo chown john:john /var/www/html/index.html
- Before Running: The file might be owned by another user or group.
- After Running: Ownership of the file is transferred to the specified user and group.
Sudo Options
Here are additional options for the sudo command:
| Option | Description |
|---|---|
-h |
Display help for the sudo command. |
-l |
List allowed and forbidden commands for the user. |
-v |
Validate the user’s cached credentials (refresh the timeout). |
-i |
Start a new shell as the root user. |
-s |
Run the shell as the superuser. |
-k |
Invalidate the current cached credentials (force password prompt next time). |
-b |
Run the command in the background. |
-E |
Preserve the environment when running commands. |
--non-interactive |
Prevents sudo from prompting for a password (useful in scripts). |
Environment Variables with Sudo
Here’s a more detailed list of environment variables that sudo respects:
| Variable | Description |
|---|---|
SUDO_USER |
The username of the user who invoked sudo. |
SUDO_UID |
The user ID of the invoking user. |
SUDO_GID |
The group ID of the invoking user. |
SUDO_COMMAND |
The last command executed with sudo. |
SUDO_ASKPASS |
Specifies a helper program for password prompts. |
PATH |
Determines the search path for commands executed with sudo. |
HOME |
The home directory of the invoking user, not the superuser. |
LOGNAME |
The login name of the invoking user. |
Advanced Examples of Sudo Commands
Running Commands as Another User
Command:
sudo -u <username> <command>
Example:
sudo -u john ls /home/john
- Before Running: You’re unable to access files in
/home/johnas your current user. - After Running: You can list files in
/home/johnas the userjohn.
Preserve Environment Variables
Command:
sudo -E <command>
Example:
sudo -E env | grep USER </pre>
- Before Running: Without
-E, your environment variables might not be preserved. - After Running: Your original environment variables remain intact during execution.
Execute a Background Task
Command:
sudo -b <command>
Example:
sudo -b sleep 60
- Before Running: The task (e.g., sleep) will block the terminal.
- After Running: The task runs in the background, freeing up your terminal for other commands.
Editing the Sudoers File
The sudoers file controls who can use sudo and which commands they can execute. To edit it, always use the visudo command to avoid syntax errors.
Granting a User Sudo Privileges
Command:
sudo visudo
Add the following line:
john ALL=(ALL) ALL
- Before Adding: The user
johncannot execute commands withsudo. - After Adding:
johncan usesudoto execute commands with superuser privileges.
Allowing Specific Commands Without a Password
Add this line to the sudoers file:
john ALL=(ALL) NOPASSWD: /usr/bin/apt
- Before Adding:
johnis prompted for a password when runningsudo apt. - After Adding:
johncan runsudo aptwithout entering a password.
Checking Logs 📝
All sudo activity is logged in /var/log/auth.log. This is useful for debugging and monitoring unauthorized access attempts.
Command:
sudo tail -f /var/log/auth.log
Tips and Best Practices ✅
- Use Sudo Sparingly: Don’t use
sudounless necessary. Avoid running complex scripts as root. - Review Logs Regularly: Check
/var/log/auth.logto monitor command execution, especially if multiple users have sudo privileges. - Restrict Permissions: Avoid giving
ALLprivileges unnecessarily. Use fine-grained permissions in thesudoersfile.
Did this guide help you? Share your favorite sudo tips or questions in the comments below or contact us.
Want to read more Linux Commands? Check out the top Ubuntu Networking commands, how to use Wget Command in Ubuntu, and a list of the top Ubuntu Commands you need to know.