In this guide, we will take you through the basics of using the sudo command within a Linux-based distribution.
The sudo command allows any user within the sudo group to run commands as another user. By default, sudo will run as root, but you can specify any user you want. If you plan on using a Linux operating system, you will likely use this command quite a bit.
You will most likely use this command when you run a command requiring root or super user privileges. For example, many user administration commands will need the user to have root privileges to run. In less likely scenarios, you may need to use a different user to run a specific command.
This tutorial covers most of the basics for using the sudo command on a Linux operating system. For example, we cover the syntax, options, and a few use-cases.
Table of Contents
- sudo Command Syntax
- sudo Command Options
- Using the sudo Command
- sudo su
- Granting sudo Privileges
- More Help
sudo Command Syntax
The sudo command itself is very straightforward and accepts two different parameters. Therefore, it is most likely you will use this command with no additional options applied to it.
sudo [OPTIONS] [COMMAND]
- [OPTIONS] is where you can specify any additional options you would like to apply to the sudo command.
- [COMMAND] is the command you wish to run as the superuser or another user.
sudo Command Options
There are quite a few different options that you can apply to the sudo command. However, it is unlikely you will use them in most cases.
--bellwill ring the bell whenever a password prompt appears.
--backgroundwill run the given command in the background. If the command is interactive, it will likely fail in background mode. Also, it is not possible to control background processes started by sudo.
--reset-timestampwill invalidate the user’s cached credentials. This change will require the user to enter the password when they attempt to use sudo again.
If you use this option with a command, sudo will ignore the user’s cached credentials and require a password. However, it will not update the user’s cached credentials.
--remove-timestampwill remove the user’s cached credentials. It does not work with a command.
--listwill list the allowed and forbidden commands for the invoking user. You can specify a different user by using the
-uoption. If a command is specified, a fully qualified path to the command is displayed along with any command line arguments.
--non-interactivewill prevent any prompt for input from the user. However, in some cases, this may result in an error, such as sudo requiring a password to execute.
groupwill run the command using the specified group as the primary group. You can specify the group ID (GID) or a group name. If you do not specify a user using the
--useroption, the command will run as the invoking user.
userwill run the command as the specified user ID or user name.
timeoutallows you to terminate the command after the specified time limit.
--helpdisplays brief help information for the sudo command.
--validatewill update the user’s cached credentials. This update will extend the sudo timeout by another 15 minutes by default. It does not work with a command.
--will stop sudo from processing command line arguments.
Below is a brief description of some options you can use. I recommend accessing the help documents within Linux if you require more information.
Using the sudo Command
There are many examples of when you will need to use sudo to perform a specific task. For example, if you need to perform an action that requires administrative privileges, such as changing settings on other users or editing system properties.
You can also use sudo to run Linux commands as another user or group. It is useful if you have specific tasks running under a particular user but do not want to log in separately to the user.
Below are a few examples of how you can use the sudo command to perform different tasks.
The most likely way you will use the sudo command is without any options. To run the sudo command, enter sudo followed by the command you wish to run as root.
The output below shows that the user is root when we run whoami with sudo.
dev@pimylifeup:~$ sudo whoami [sudo] password for dev: root
You can use sudo to run commands as a user that is not root by using the
In the example below, we use the
--user option to run the sudo command as the pi user. We use
whoami to confirm the command runs under the pi user.
sudo --user=pi whoami
As you can see in our output below, the whoami command runs as the pi user.
dev@pimylifeup:~$ sudo --user=pi whoami [sudo] password for dev: pi
To use a specific group when using the sudo command, you can use the
--group= option followed by the group you wish to use.
sudo --group=pi mkdir example
If you do not specify a user using the
--user option, the command will run as the invoking user.
Below is an example of specifying a group to use instead of the regular user’s primary group. By using ls -l, we can see the owner and group of our directory are the invoking user and the group we specified.
dev@pimylifeup:~$ sudo --group=pi mkdir example [sudo] password for dev: dev@pimylifeup:~$ ls -l drwxrwxr-x 2 dev pi 4096 Jul 22 11:41 example
The example below creates a directory using sudo and the mkdir command without any extra options. As expected, the directory is owned by the root user and group.
dev@pimylifeup:~$ sudo mkdir normal dev@pimylifeup:~$ ls -l drwxrwxr-x 2 dev pi 4096 Jul 22 11:41 example drwxr-xr-x 2 root root 4096 Jul 22 11:42 normal
Extending the Password Timeout
--validate option will extend the password timeout by another 15 minutes (Depending on the operating system), but you can change this value by editing the sudoers file. You will be prompted to enter the password if the password has expired.
In the example below, we extend the password timeout using the
A popular use of sudo is using it to run the su command. Using the su command allows you to switch users to the root user (default) or a user of your choice. By running the su command with sudo, you do not need to specify the user’s password to swap to it.
To swap to the root user, write the following command into the terminal.
After using the sudo su command, you will be the root user or the user you specified. You will remain logged in as the other user until you enter exit into the terminal.
The output below demonstrates logging into the root user and using exit to return to the original user.
dev@pimylifeup:~$ sudo su root@pimylifeup:/home/dev# exit exit
Granting sudo Privileges
For a user to use the sudo command, it will need to be granted sudo privileges. By using sudo, a user can perform commands as the root user, so only grant the privileges to users you can trust.
To grant sudo privileges, you will need to add the user to the sudo group on Ubuntu/Debian or the wheel group on CentOS/Fedora. You can configure settings further by editing the sudoers file using visudo, but we will cover this in another tutorial.
Ubuntu or Debian
To add a user to the sudo group on Ubuntu or Debian, you can use the usermod command.
sudo usermod -aG sudo username
To check if the user is now in the sudo group, you can use the id command.
dev@pimylifeup:~$ id -Gn pi pi sudo
CentOS or Fedora
If you are using CentOS or Fedora, the sudo group name is wheel. You can use the usermod command to add the user to the group.
sudo usermod -aG wheel username
Using the id command, you can confirm that the user is now in the group.
dev@pimylifeup:~$ id -Gn pi pi wheel
There are a couple of easy methods that you can use to get more help in regards to the sudo command.
The first method uses the man command that is inbuilt into most Linux operating systems. To load the manual pages for the command, enter man followed by sudo into the terminal.
To exit the manual pages, press the
Alternatively, you can use the
--help option with the sudo command to display some basic help information.
I hope either of the above options provides you with the information you require.
I hope you now have a good understanding of the sudo command and how you can utilize it on a Linux distribution. It is an extremely useful command for handling tasks that require elevated privileges.
If you are new to Linux, you will want to learn some of the many other commands that you can use. For example, you might want to check on the uptime of your system or change the password of your user. There is plenty to learn about this incredibly versatile operating system.
Please let us know if you notice a mistake or if an important topic is missing from this guide.