Consider the comic above from the excellent webcomic XKCD. The sloth in the chair wants his friend to make him a sandwich, but he has no power to force him to do so. That is, until you invoke the powerful sudo command. After which a sandwich will be made one way or another.
Although testing sudo on a person in real life is probably not so effective, it is the magic command that overcomes all obstacles in the Linux world. What is sudo? Why does it exist? The answer lies in how Linux handles permissions.
Understanding Linux User Permissions
Linux is considered a secure operating system because of the way it handles permissions. While operating systems like macOS (which shared an ancestor with Linux) and Windows are now more like Linux in this regard, the open-source operating system is still somewhat unique.
Understanding how Linux handles permissions makes understanding the sudo command much easier. All modern operating systems have an “administrator” or “root” user permission level. If you have an administrator or root account, you can change any setting, delete any data, and generally do whatever you want with the computer.
This includes things you probably shouldn’t do that may result in data loss or the need for a full cleanup and reinstallation.
Linux does not make root user level permissions the default. Instead, your account cannot access really sensitive parts of the system without increasing your permission level. This means that the system will ask you to enter the administrator password when you want to do something unusual using a graphical interface.
However, when you want to use the Terminal command line to get things done, sudo is the safest and most efficient way to do it.
sudo and the terminal
There are two ways to grant yourself elevated permissions in Linux. One is to permanently log in as the root user. The problem with this is that anyone else who can access the computer can wreak havoc, and even you can do it by accident. Sudo only elevates your permissions for a short time to run the specific commands that follow.
The sudo syntax (the command format) is simple. Just type “sudo” followed by the command you want to run.
For example, “sudo apt-get update” will update all application repositories listed in the corresponding file. If you try to run it without sudo, you will get an error message that you don’t have permission. By the way, this is usually the first sudo command you’ll want to run after a fresh install of your favorite Linux distribution.
The “Su” in Sudo
The “su” in sudo is short for “superuser” and is a standalone command. The “su” command allows you to change the user privileges to which sudo elevates it.
Although sudo temporarily elevates you to root, su changes you to another user with the appropriate privileges. This may seem like a minor distinction, but there are good reasons to change the account to which sudo elevates a user.
First of all, switching accounts means that regular users don’t know the root password. Second, there is a log of all sudo commands, which means the system administrator (root) can find out who issued the su commands.
The syntax for su is essentially the same as sudo:
Your USERNAME -c COMMAND
Replace USERNAME with the desired user to run the command and COMMAND with the Linux command you want to run.
If you want to run multiple commands as another user, just use:
Replace USER with the desired user account identity.
If you use su alone, Linux will switch to the other user account until you use the “exit” command. It is important to remember that this user or the next user accessing the terminal in this session will always have elevated permissions. That’s why it’s usually better to use sudo instead of su.
sudo time limit
The first time you use a sudo command, you will need to enter a password. Then this password will remain valid for 15 minutes. You can change this default by running the command sudo visudo and changing “timestamp_timeout=” to a longer or shorter value. However, we don’t recommend doing this unless you have a good reason to extend or shorten the validity of a sudo password.
Sudo Option Switches
Although the sudo syntax is simple, there are several switches worth knowing. These commands open additional information or help you control the sudo session:
- -h shows syntax and command information for sudo.
- -V displays the current version of sudo on your machine.
- -v updates the sudo time limit, resetting the clock.
- -I lists the privileges of the user.
- -k immediately kills the current sudo session, removing elevated privileges.
There are many other options built into sudo, and you can see them all using the first -h switch mentioned above.
The screenshot above is what happens when you use the help option.
Useful sudo commands
So what sudo-enabled commands should every Linux user know? We’ve already covered updating sudo apt-get, but note these as well:
- sudo apt-get update will update all installed packages.
- sudo apt-get install
install the software of your choice; just replace the package name with the one you want to install.
- If you don’t know the package name, use dpkg –list.
- If you want to remove an installed package from the terminal, use sudo apt-get remove
(again replacing the name of the specific package in question).
These are probably the first sudo commands you’ll need to use, but as you learned earlier, any command can follow sudo, but you should only use those that require higher privileges.