10+ sudo command examples in Linux [Cheat Sheet]


CheatSheet

Reviewer: Deepak Prasad

Introduction to sudo command

sudo command in Linux stands for Super User DO. It allows you to execute a command as another user, including the superuser. sudo is an efficient way to access the root privileges and execute the command as the root user.  With sudo, you can access the root privileges without knowing the root password or logging as the root user. The user needs to have the sudo privileges to run the sudo command.

 

How to install sudo

In most of the Linux distributions, sudo is pre-installed on the system. However, if you do not find the sudo package on the system, you can install it from the default package management repositories.

To install sudo on CentOS, Fedora, and RHEL

# yum install sudo

To install sudo on Ubuntu and Debian

# apt install sudo

 

Syntax for sudo command

The security policy determines whether or not a user has sudo privileges. The default security policy is sudoers configured in the file /etc/sudoers.

The general syntax for sudo command is as follows:

$ sudo [options] command

Some of the options available in sudo command are:

  • -V: display version information of sudo
  • -h: display help message and exit
  • -l: list user's privileges or check a specific command
  • -k: reset the user's timestamp
  • -u: run the command as a different user

 

Different examples to use sudo command

1. Use sudo to run command as a root user

By default, when no user is specified, the sudo runs a command as a root user. It is mostly used to run the command which needs root permission.

$ sudo command

Sample Output:

When listing the root directory, the permission was denied because only the root user can list the root directory. But, after using the sudo command, we can list the root directory.

sudo command to run command as root user

Similarly, when you want to install, remove, or update the package in the system, you will need the root privilege. You can use sudo command to install the package without logging in as a root user.

 

2. Use sudo to run command as a different user

The -u or --user option allows you to run a command as the specified user name or user ID. So, you can run the command as a user other than the root.

$ sudo -u user command

OR

$ sudo --user=user command

Sample Output:

golinux@ubuntu-PC:~$ sudo -u deepak whoami
deepak

You can also change the password of another user without logging in.

golinux@ubuntu-PC:~$ sudo passwd deepak 
New password: 
Retype new password: 
passwd: password updated successfully

 

3. List user privileges with sudo command

The -l or --list option is used to list user's privileges on the output. You can use this option twice for a longer format.

$ sudo -l

OR

$ sudo --list

Sample Output:

It shows the user golinux can run all the commands with sudo on the system.

deepak@ubuntu:~$ sudo -l
[sudo] password for deepak:
Matching Defaults entries for deepak on ubuntu:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User deepak may run the following commands on ubuntu:
    (ALL : ALL) ALL

Use -l twice for longer output:

deepak@ubuntu:~$ sudo -ll
Matching Defaults entries for deepak on ubuntu:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User deepak may run the following commands on ubuntu:

Sudoers entry:
    RunAsUsers: ALL
    RunAsGroups: ALL
    Commands:
        ALL

It also checks for a specific command in the system. Let's check the command adduser and nmap using sudo -l.

As you can see, it does not run the command but only checks where it is located in the system.

golinux@ubuntu-PC:~$ sudo -l adduser
/usr/sbin/adduser

 

4. Display privileges for another user with sudo command

You can use -U or --other-user option with -l option to display the user privileges of the given user.

$ sudo -l -U user

OR

$ sudo -l --other-user user

Sample Output:

As you can see, the user deepak does not have sudo privileges but the root user can run all the commands.

sudo command to list user privileges

 

5. sudo command to add a user to the sudo group

When you add a user to the sudo group, that user will be able to run all commands with sudo. You can add a user to the sudo group with the following command on Ubuntu and Debian.

$ sudo usermod -aG sudo user

Sample Output:

sudo command to add user to sudo group

On RHEL, CentOS, and Fedora, you can use:

$ sudo usermod -aG wheel user

 

6. sudo command to add users to the sudoers file

The user and group sudo privileges are defined in the /etc/sudoers file. The user who is listed in the sudoers file has sudo privileges and can run sudo command. You can add a user in the sudoers file by using visudo command.

$ sudo visudo

Sample Output:

You need to add [username] ALL=(ALL:ALL) ALL on the User privilege specification as shown in the image below.

sudo command to add a user to sudoers

 

7. Run command in the background with sudo

The -b or --background option can be used to run the given command in the background. When you use this option, you cannot use shell job control to manipulate the process.

$ sudo -b command

OR

$ sudo --background command

 

8. Update sudoers files using sudo command

Normally visudo is used to add/remove/modify sudoers entry in /etc/sudoers but if you intend to add another file inside /etc/sudoers.d then you can edit files in the terminal using -e or --edit option with sudo command. This is the recommended way when we are updating sudoers entry for any user to avoid any syntax errors.

$ sudo -e file

OR

$ sudo --edit file

Sample Output:

You can only edit files on the directory which is non-writable. It opens a nano editor to edit a file.

$ sudo -e /etc/sudoers.d/01-sudo-rule

This will create a new sudo rule inside /etc/sudoers.d based on the content added in this file. Now if you didn't followed proper syntax while adding sudo rules, then after svaing the file, you won't be able to access the file again or you may not able to save the file itself. Here is a sample error when I intentionally gave a wrong syntax in my sudoers file

deepak@ubuntu:~$ sudo -e /etc/sudoers.d/01-sudo-rule
>>> /etc/sudoers.d/01-sudo-ssh: syntax error near line 2 <<<
sudo: parse error in /etc/sudoers.d/01-sudo-rule near line 2
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

 

9. sudo command to update the user's cached credentials

The -v or --validate option tells sudo to update the user's cached credentials. It updates user's timestamp without running a command.

$ sudo -v

OR

$ sudo --validate

Sample Output:

It does not print any output but displays an error if the user does not have sudo privileges.

golinux@ubuntu-PC:~$ sudo -v
[sudo] password for golinux:

 

10. sudo command to invalidate user's cached credentials

The -k or --reset-timestamp option remove the user's timestamp or cached credentials. So, when you run the sudo command next time, you will require a password. It allows a user to revoke sudo permissions from a .logout file.

$ sudo -k 

OR

$ sudo --reset-timestamp

Sample Output:

sudo command to reset user timestamp

 

11. sudo command to remove the user's timestamp completely

The -K or --remove-timestamp is similar to -k option except that it removes the user's timestamp or cached credentials completely. Not all security policies support credential caching.

$ sudo -K

OR

$ sudo --remove-timestamp

 

sudo command vs su command

Both sudo and su command are used to access the privileges of other accounts, including the root. su command is used to switch the user account whereas sudo command is used to run the command as the root user or a different user. Generally, with su command, you will need the password of the target user. But, sudo asks for the password of the current user.

For more details on su command, please read 9 su command examples in Linux [Cheat Sheet]

 

Conclusion

In this tutorial, we discussed the usages and the most common examples of sudo command in Linux. We hope you have learned how to use sudo command and execute the commands as another user with sudo privileges. If you still have any confusion, do let us know in the comment section.

 

What's Next

9 su command examples in Linux [Cheat Sheet]
How to add user to sudoers with best practices & examples
4 easy methods to check sudo access for user in Linux

 

Further Reading

man page for sudo command

 

Rohan Timalsina

Rohan Timalsina

He is proficient in a wide range of skills, including Page Builder Plugins such as Elementor, Beaver Builder, Visual Composer, and Divi Builder. His expertise extends to Front End Development with HTML5/CSS3, JavaScript, Bootstrap, and React.js. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment