SUDO command.

Using the sudoers file, system administrators can give certain users or groups access to some or all commands without those users having to know the root password via /etc/sudoers file. Basically, the sudo command temporarily elevates privileges allowing users to complete sensitive tasks without logging in as the root user.

The sudo Command

sudo was developed as a way to temporarily grant a user administrative rights. To make it work, use sudo before a restricted command. The system will prompt for your password. Once provided, the system runs the command.

sudo [command]
Where command is the command for which you want to use sudo.

Password Timeout

By default, sudo will ask you to enter your password again after fifteen minutes of sudo inactivity. You can change the default timeout by editing the sudoers file. Open the file with visudo:

sudo visudo

Set the default timeout by adding the line below, where 10 is the timeout specified in minutes:

Defaults  timestamp_timeout=10

If you want to change the timestamp only for a specific user, add the following line, where user_name is the user in question.

Defaults:user_name timestamp_timeout=10

If you need to edit the configuration file, only do so using visudo. The visudo application prevents glitches, bugs, and misconfigurations that could break your operating system.

Granting sudo Privileges

On most modern Linux distributions, a user must be in the sudo, sudoers, or wheel group to use the sudo command. By default, a single-user system grants sudo privileges to its user. A system or server with multiple user accounts may exclude some users from sudo privileges.

Of course, we recommend to only grant privileges that are absolutely necessary for the user to perform daily tasks.

The following explains how to add a user to the sudoers group.
In Debian/Ubuntu, the sudo group controls sudo users.

usermod –aG sudo [username]

Where username is your actual username. You may need to log in as an administrator or use the su command.

Using Visudo and the sudoers Group

In some modern versions of Linux, users are added to the sudoers file to grant privileges. This is done by using the visudo command.

1. Use the visudo command to edit the configuration file:

sudo visudo

2. This will open /etc/sudoers for editing. To add a user and grant full sudo privileges, add the following line:

[username] ALL=(ALL:ALL) ALL

3. Save and exit the file.

Run a Command as a User Other than Root

There is a wrong perception that sudo is used only to provide root permissions to a regular user. You can use sudo to run a command as any user.

The -u option allows you to run a command as a specified user.

In the following example, we are using sudo to run the whoami command as a user "snubmonkey":

sudo -u snubmonkey whoami

The whoami command will print the name of the user running the command:

snubmonkey

Here, is my final word _ It's not good practice to have numerous people knowing and using the root password because when logged in as root, you can do anything to the system. This could provide too much power for inexperienced users, who could unintentionally damage the system. Additionally, each time a user should no longer use the root account (for example, an employee leaves), the system administrator will have to change the root password.