How to Use the Linux sudo Command

Introduction

sudo (SuperUser DO) command lets you access restricted files and operations. By default, Linux restricts access to certain system parts to prevent sensitive files from being compromised.

The sudo command temporarily elevates privileges, allowing users to complete sensitive tasks without logging in as the root user.

In this tutorial, learn how to use the sudo command in Linux with examples.

Prerequisites

• A system running Linux (this tutorial uses Ubuntu 22.04).
• Access to the terminal.
• A user account with sudo.

sudo Command Syntax

The sudo command syntax is simple:

sudo [command]

When you run the sudo command, a timestamp is recorded in the system logs. This allows users to run commands with elevated privileges for a short time (15 minutes by default). If someone without sudo privileges attempts to use the sudo command, it is logged as a security event.

sudo Options

Command options enhance the functionality and security of sudo in various situations. The following table presents options commonly used with sudo.

Option	Description
-h	Displays help information and exits.
-V	Displays version information and exits.
-v	Updates the user’s timestamp without running a command.
-k	Invalidates the user’s timestamp, forcing the user to re-enter their password the next time sudo is used.
-K	Removes the user’s timestamp entirely, similar to -k.
-b	Runs the given command in the background.
-n	Non-interactive mode; if a password is required, sudo shows an error.
-H	Sets the HOME environment variable to the target user’s home directory.
-i	Simulates an initial login session, running the shell as a login shell.
-e	Edits files safely with elevated privileges.
-s	Starts a shell with root privileges.
-u	Runs the command as a specified user.
-g	Runs the command as a specified group.
-l	Lists the user’s allowed and forbidden commands.
-A	Uses an alternate method for password authentication.
-E	Preserves the user’s environment when running a command.
--	Indicates the end of sudo options.

Environment Variables Used by sudo

Environment variables in sudo provide control and customization over the sudo command behavior and the environment in which commands run. The following table provides a detailed explanation of each variable:

Variable	Description
EDITOR	Sets the default editor to use with the -e option if VISUAL is not set. Allows you to safely edit files as root without running the editor as root. Copies the file to a temporary location, edits it, and then moves it back with root privileges.
HOME	Set to the target user’s home directory when using the -s or -H options with sudo.
PATH	Set to a secure and predefined value if the secure_path option is enabled in the sudoers configuration file.
SHELL	Determines which shell to run when using the -s option with the sudo command.
SUDO_PROMPT	Used as the default password prompt.
SUDO_COMMAND	Records the command being executed.
SUDO_USER	Tracks the original user who initiated the sudo command.
SUDO_UID	Provides the user ID.
SUDO_GID	Provides the group ID of the user, useful for maintaining correct group permissions and auditing.
SUDO_PS1	Customizes the shell prompt when running a command with sudo.
USER	Defines the target user for the sudo command, ensuring commands are executed with the appropriate user context.
VISUAL	Ensures the preferred text editor is used when editing files.

Examples of sudo in Linux

sudo was developed as a way to grant a user administrative rights temporarily. To make it work, use sudo before a restricted command. The following text provides practical sudo usage examples.

Basic sudo Usage

The basic sudo function is to run commands restricted from regular users. To check what a restricted command looks like with and without sudo, take the following steps:

1. Open a terminal window and run the following command:

apt update

An error message appears. You do not have the necessary permissions to run the command.

2. Try the same command with sudo:

sudo apt update

3. Type your password when prompted. The system executes the command and updates the repositories.

Run Command as a Different User

sudo also allows you to run a command as another user:

1. Verify your username with the whoami command:

whoami

The system displays your username.

2. Run the following command:

sudo -u [different_username] whoami

For example, we use user1:

sudo -u user1 whoami

Switch to Root User

The command sudo bash is used to start a BASH shell with root privileges.

sudo bash

The prompt changes to indicate the shell is now running as the root user.

Execute Previous Commands with sudo

The Linux command line keeps a record of previously executed commands. Access these records by pressing the up arrow. To repeat the last command with elevated privileges, use:

sudo !!

This also works with earlier commands. Specify the historical number as follows:

sudo !16

This example repeats the 16th entry in history with the sudo command.

Run Multiple Commands in One Line

String multiple commands together, separated by a semicolon. For example, run ls, whoami, and hostname:

sudo ls; whoami; hostname

Add a String of Text to an Existing File

Use sudo to add a text string to an existing file without opening it for editing. This method is often employed for tasks such as adding repository URLs to sources list files in Linux. Use the following syntax with echo, sudo, and tee command:

echo 'string-of-text' | sudo tee -a [path_to_file]

For example:

echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

The command adds the Nginx software repositories to your system.

Conclusion

This article explained the sudo command and how to use it. Refer to the examples to learn how to use the command efficiently.

Next, learn the difference between the sudo and su command.