How to Use the sudo Command in Linux
Sudo stands for SuperUser DO and is used to access restricted files and operations. By default, Linux restricts access to certain parts of the system preventing sensitive files from being compromised.
sudo command temporarily elevates privileges allowing users to complete sensitive tasks without logging in as the root user. In this tutorial, learn how to use the sudo command in Linux with examples.
How to configure allowing users to use the sudo command
To configure a user we first need to log in as the root user.
Step 1: Use the useradd command to add a user to the system:
Step 2: Use the passwd command to update the password for the newly created user:
The password must be strong enough and confirm the password.
For CentOS 7, by default all users in wheel are given sudo privileges.
Step 3: Use the usermod command to add the newly created user to the wheel group
usermod -aG wheel username
Step 4: Access sudo on the new user
- Use su to switch to a new user: su username
- Type sudo before you want to run as superuser: sudo command_to_run
- The first time you execute the sudo command, you’ll enter the user’s password:
Example: View the directory of user /root:
Displaying elements in the /root user’s directory is inherently only possible for the root user:
sudo ls -la /root
When your user is added to the wheel group, your commands are executed as root.
Above is how to configure for a user to use all the commands corresponding to the root user. In some cases, the administrator only allows the user to use the sudo command to perform a few commands, we have a way to configure it in the visudo configuration file.
To let the user use the sudo command to execute a certain command, we just need to configure the file visudo.
Add poweroff permission for the user:
Add poweroff permission for user2 to use sudo to shutdown in visudo file:
Configure the user to use the sudo command:
Configure the user to use the sudo command to execute some or all commands corresponding to the root user:
Allows user1 to execute multiple commands as root
user1 ALL=(root) /sbin/shutdown, /bin/kill, /etc/init.d/httpd.
Allows user1 to shutdown without having to confirm with a password
user1 localhost= NOPASSWD: /sbin/shutdown.
Allows user1 to execute any command in /usr/bin on machine linux01.
user1 linux01 = /usr/bin/*
Use sudo to remove or add a user or group
sudo useradd username sudo userdel username sudo groupadd anewgrou sudo groupdel anewgroup
Use sudo to run commands as another user – not just the root user
Most people use sudo to run commands as root, which also allows you to run commands as other users. Just use the -u option with the sudo command and specify the username.
sudo -u username whoami
Use the sudo command to update to new updates:
sudo yum update
Without using sudo when another user is configured the entire command of the root user will not be updated. Example of this problem:
Using sudo to switch to the root user:
sudo -i -u root
When using sudo to switch from the current user to the root user, there is no need to use the root user’s password. This makes the root account more secure.
Fix the corrupted /etc/sudoers file:
The /etc/sudoers file can keep sudo inactive and really mess you up. So there are a few ways around this that don’t involve a lot of work, and the visudo command provides some detail on the issues that need to be fixed.
How to fix:
In addition, you can also implement a file editor according to your needs:
sudo vim /file