SUDO command.
Sudo stands for SuperUser DO and it allows you to run programs with the security privileges of another user (by default, as the superuser or the root user). It prompts you for your personal password and confirms your request to execute a command by checking a file, called sudoers.
Using the sudoers
file, system administrators can give certain users or groups access to some or all commands without those users having to know the root
password via /etc/sudoers file. Basically, the sudo
command temporarily elevates privileges allowing users to complete sensitive tasks without logging in as the root user.
The sudo Command
sudo
was developed as a way to temporarily grant a user administrative rights. To make it work, use sudo
before a restricted command. The system will prompt for your password. Once provided, the system runs the command.
sudo [command]
Where command
is the command for which you want to use sudo.
Password Timeout
By default, sudo will ask you to enter your password again after fifteen minutes of sudo inactivity. You can change the default timeout by editing the sudoers file. Open the file with visudo:
sudo visudo
Set the default timeout by adding the line below, where 10
is the timeout specified in minutes:
Defaults timestamp_timeout=10
If you want to change the timestamp only for a specific user, add the following line, where user_name is the user in question.
Defaults:user_name timestamp_timeout=10
If you need to edit the configuration file, only do so using visudo. The visudo application prevents glitches, bugs, and misconfigurations that could break your operating system.
Granting sudo Privileges
On most modern Linux distributions, a user must be in the sudo, sudoers, or wheel group to use the sudo
command. By default, a single-user system grants sudo privileges to its user. A system or server with multiple user accounts may exclude some users from sudo privileges.
Of course, we recommend to only grant privileges that are absolutely necessary for the user to perform daily tasks.
The following explains how to add a user to the sudoers group.
In Debian/Ubuntu, the sudo group controls sudo users.
usermod –aG sudo [username]
Where username is your actual username. You may need to log in as an administrator or use the su
command.
Using Visudo and the sudoers Group
In some modern versions of Linux, users are added to the sudoers file to grant privileges. This is done by using the visudo
command.
1. Use the visudo
command to edit the configuration file:
sudo visudo
2. This will open /etc/sudoers for editing. To add a user and grant full sudo privileges, add the following line:
[username] ALL=(ALL:ALL) ALL
3. Save and exit the file.
Run a Command as a User Other than Root
There is a wrong perception that sudo
is used only to provide root permissions to a regular user. You can use sudo
to run a command as any user.
The -u
option allows you to run a command as a specified user.
In the following example, we are using sudo
to run the whoami
command as a user "snubmonkey":
sudo -u snubmonkey whoami
The whoami
command will print the name of the user running the command:
snubmonkey
Here, is my final word _ It's not good practice to have numerous people knowing and using the root
password because when logged in as root
, you can do anything to the system. This could provide too much power for inexperienced users, who could unintentionally damage the system. Additionally, each time a user should no longer use the root
account (for example, an employee leaves), the system administrator will have to change the root
password.