Table of Contents
Why `sudo` Exists
On most Linux systems, everyday work is done as an unprivileged user. Some tasks (installing software, changing system config, managing users, etc.) require root (administrator) privileges.
sudo (“superuser do”) lets you run just one command (or a small set of commands) with elevated privileges, instead of logging in as root.
Key ideas specific to sudo:
- You keep working as your normal user.
- You temporarily “borrow” extra privileges for specific commands.
- Actions you do with
sudoare usually logged for auditing.
Basic `sudo` Usage
Running a single command as root
To run a command as root:
sudo command [arguments]Examples:
sudo apt update
sudo rm /etc/some-config
sudo systemctl restart ssh
Only the command after sudo runs with elevated privileges; your shell session remains your normal user.
The `sudo` password prompt
When you run sudo:
- It asks for your own user password, not the root password (on most systems).
- If it says
user is not in the sudoers file, your account isn’t allowed to usesudo. - After successfully entering your password once, you usually won’t be asked again for a few minutes (the “sudo timestamp”).
You can force sudo to ask again by clearing the timestamp:
sudo -k
After this, the next sudo will ask for your password again.
Common `sudo` Options
You will most often see:
sudo -v— Validate/refresh your existingsudotimestamp (check that you still have sudo access and renew it).sudo -k— Invalidate yoursudotimestamp (nextsudowill ask for password).sudo -l— List what commands you’re allowed to run withsudo.
Example:
sudo -l
This shows the sudo rules that apply to your user.
Editing Files with `sudo`
Avoid common traps with text editors
If you try to edit a system file like:
nano /etc/hosts
you will likely get a “permission denied” error. You need sudo:
sudo nano /etc/hosts
This runs nano itself with elevated privileges, so it can save the file.
Do not do:
nano /etc/hosts
# edit...
sudo cp /tmp/something /etc/hostsor similar “workarounds” without understanding permissions, because you can easily break ownership or permissions on important files.
Using `sudo` with graphical editors
Graphical editors can be trickier. On desktop systems, you may see helpers like pkexec or dedicated “Edit as Administrator” options. How this works is distribution/desktop-specific, so follow your distro’s documentation rather than inventing workarounds.
For now, as a beginner, prefer:
- Terminal editing with
sudo nano /path/to/file - Or using your system’s official “administrator” method for GUI tools.
Running a Shell or Command as Another User
While sudo is most often used to run commands as root, it can run things as another user too.
Running as a different user
sudo -u username command
Example: run a command as user www-data:
sudo -u www-data whoami
This prints www-data.
If you omit -u, it defaults to root.
Starting a root shell
Sometimes you want an interactive root shell (use sparingly):
sudo -i- Runs login initialization for root (like a fresh root login).
- You get a prompt as root (
#is common).
Another variant:
sudo -s- Starts a shell as root but keeps more of your current environment.
Be very careful inside a root shell. Every command has full power over the system.
Good Practices and Safety with `sudo`
Minimize `sudo` usage
- Only use
sudowhen a command actually needs extra privileges. - Don’t run interactive tools with root unless necessary.
- Prefer
sudoon specific commands (sudo command) instead ofsudo -ifor everything.
Check commands before pressing Enter
Because sudo gives a command high privileges, double-check:
- File paths (e.g.,
rm -rf /important/pathvs intended path) - Wildcards (
*) and variables - That you’re in the correct directory
It’s easy to cause irreversible damage as root.
Avoid `sudo` in dangerous combinations
Some examples to be careful with:
sudo rm -rf /something— a typo could wipe critical parts of the system.sudo dd if=... of=...— can overwrite disks; know exactly what you are doing.sudo chmod -R 777 /or similar — catastrophic for security and system behavior.
If you’re not sure what a command does, don’t add sudo “just to make it work.” Understand the command first.
Environment and `sudo`
When you use sudo, the environment (PATH, variables, etc.) may change.
Typical differences:
- The
PATHfor root includes directories like/sbinand/usr/sbin. - Some environment variables are reset for safety.
If a command works as your user but not with sudo (or vice versa), it may be because:
- The command is in a different PATH.
- Some needed environment variable is not preserved.
You can inspect the environment root gets by running:
sudo env
For beginners, don’t try to “fix” this by using insecure options (sudo -E or complex sudoers tweaks) unless you understand the risks.
`sudo` and Logs
Most systems log sudo usage, for example in /var/log/auth.log or via journalctl. This lets administrators see:
- Who used
sudo - What command they ran
- When they ran it
This logging is one motivation for using sudo instead of directly logging in as root.
Very Brief Look at `sudo` Configuration
The detailed configuration of who can run what with sudo is controlled by the sudoers system (the sudoers file and potentially included files).
At a beginner level, you mainly need to know:
- If you are allowed to use
sudoat all is decided there. - You normally should not edit
sudoersby hand at this stage. - If
sudosays you’re not allowed, you need an administrator to grant you access.
You’ll encounter sudoers and more advanced configuration in later, more advanced chapters.