How To Use Sudo Command on Ubuntu

Share
  • Post Updated: November 19, 2020
How to use Sudo In UbuntuSudo Command Examples In Ubuntu 20.04

On this page you will learn how to use Sudo Command which is perhaps perhaps the most popular Ubuntu Linux Command ever, at very least it is a command that you must know how to use because it will come in handy sooner or later.

SUDO Command Examples

sudo, sudoedit – execute a command as another user

SYNOPSIS sudo -h | -K | -k | -L | -l | -V | -v sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value] {-i | -s | command}

sudoedit [-S] [-p prompt] [-u username|#uid] file …

DESCRIPTION sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file (unless the -P option was specified). If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default

(NOTE: in the default configuration this is the user’s password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers). When invoked as sudoedit, the -e option (described below), is implied.

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag, a user can update the time stamp without running a command. The password prompt itself will also time out if the user’s password is not entered within 5 minutes (unless overridden via sudoers).

If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or in the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo.

If sudo is run by root and the SUDO_USER environment variable is set, sudo will use this value to determine who the actual user is. This can be used by a user to log commands through sudo even when a root shell has been invoked. It also allows the -e flag to remain useful even when being run via a sudo-run script or program. Note however, that the sudoers lookup is still done for root, not the user specified by SUDO_USER.

sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file. Note: the following examples assume suitable sudoers(5) entries. To get a file listing of an unreadable directory:

  • $ sudo ls /usr/local/protected

To list the home directory of user yazza on a machine where the file system holding ~yazza is not exported as root:

  • $ sudo -u yazza ls ~yazza

To edit the index.html file as user www:

  • $ sudo -u www vi ~www/htdocs/index.html

To shutdown a machine:

  • $ sudo shutdown -r +15 “quick reboot”

To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the cd and file redirection work.

$ sudo sh -c “cd /home ; du -s * | sort -rn > USAGE”

Some Benefits of using sudo

  1. Users don’t have to remember an extra password (i.e. the root password), which they are likely to forget (or write down so anyone can crack into their account easily).
  2. It avoids the “I can do anything” interactive login by default (e.g. the tendency by users to login as an “Administrator” user in Microsoft Windows systems), you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
  3. sudo adds a log entry of the command(s) run (in /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing.
  4. Every cracker trying to brute-force their way into your box will know it has an account named Root and will try that first. What they don’t know is what the usernames of your other users are. Since the Root account password is locked, this attack becomes essentially meaningless, since there is no password to crack or guess in the first place.
  5. Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from groups, while not compromising the Root account.
  6. sudo can be setup with a much more fine-grained security policy.
  7. The Root account password does not need to be shared with everybody who needs to perform some type of administrative task(s) on the system (see the previous bullet).
  8. The authentication automatically expires after a short time (which can be set to as little as desired or 0); so if you walk away from the terminal after running commands as Root using sudo, you will not be leaving a Root terminal open indefinitely.

This is just snippet of what you can do with Sudo! — Learn how to use Wget Command in Ubuntu

Sudo reference links: