Support > About cloud server > Let you know how to use the sudo command
Let you know how to use the sudo command
Time : 2025-02-25 15:22:23
Edit : Jtti

  sudo is a tool used in Linux and Unix systems to execute commands as another user (usually the root user). It allows ordinary users to execute commands that are usually only executable by superusers without completely switching to superuser identity. Proper use of sudo can improve system security and avoid unnecessary permission exposure.

  This article will introduce the use of sudo command in detail, including basic syntax, common usage, configuration files, etc.

  1. Basic syntax of sudo command

  sudo [OPTION] COMMAND [ARGUMENTS...]

  sudo: Instructs the system to execute commands with superuser privileges.

  [OPTION]: Optional parameters that specify how sudo behaves (for example: -u, -i, etc.).

  COMMAND: The command to be executed.

  [ARGUMENTS...]: Parameters passed to the command.

  2. Common uses of the sudo command

  1. Execute commands as a superuser

  When ordinary users execute commands that require administrator privileges, they can use sudo to elevate privileges.

  sudo ls /root

  In this example, sudo elevates user privileges in order to execute the ls command and view the contents of the /root directory.

  2. Modify file contents (for example, using an editor)

  Many times, superuser privileges are required to modify system files or configuration files. For example, use nano or vim to edit the /etc/hosts file:

  sudo nano /etc/hosts

  3. Install software packages

  On Debian-based systems (such as Ubuntu), you can use sudo apt to install software packages:

  sudo apt update

  sudo apt install vim

  On Red Hat-based systems (such as CentOS, Fedora), you can use sudo yum or sudo dnf:

  sudo yum install vim

  4. View system information (such as hard disk space, memory usage)

  Sometimes superuser privileges are required to view system information (such as df, free). Use sudo to execute commands:

  sudo df -h

  sudo free -m

  5. Change file or directory permissions

  Superuser privileges are required to modify file or directory permissions. Use sudo to change file permissions:

  sudo chmod 755 /somefile

  sudo chown user:user /somefile

  III. Common options of sudo

  1. -u option: specify user identity to execute commands

  Usually, sudo executes commands as the root user by default. If you want to execute commands as other users, you can use the -u option.

  sudo -u username command

  For example, to execute the ls command as the username user:

  sudo -u username ls /home/username

  2. -i option: start an interactive superuser shell

  Use sudo -i to start a new interactive shell and switch to the superuser (root) environment.

  sudo -i

  After entering the root user environment, you can execute commands directly without using sudo every time.

  3. -s option: run the specified shell

  sudo -s starts a new shell and retains the current user's environment variables. The difference from -i is that -s does not load the root user's environment configuration.

  sudo -s

  4. -l option: List commands allowed to be executed

  Using the -l option, users can see which commands they have permission to execute.

  sudo -l

  This will display a list of commands that the current user is authorized to execute in the sudoers configuration file.

  5. -v option: Update sudo's timestamp

  By default, sudo remembers the current user's authentication status after executing a command (default lasts 15 minutes). Using -v can extend this time.

  sudo -v

  Fourth, sudo configuration file /etc/sudoers

  Sudo's permission control is configured through the /etc/sudoers file. This file defines which users or user groups can execute which commands using sudo. For security reasons, it is best to edit the file with the visudo command, because visudo automatically checks for syntax errors.

  1. Edit the sudoers file

  Use the visudo command to edit the sudoers file:

  sudo visudo

  2. Configure user and command permissions

  The following are common configuration items in the /etc/sudoers file:

  Allow a user to execute all commands

  username ALL=(ALL) ALL

  Allow a user to execute specific commands

  username ALL=(ALL) /usr/bin/ls, /usr/bin/cat

  Allow a user group to execute commands

  %groupname ALL=(ALL) /usr/bin/apt-get, /usr/bin/ls

  No password prompt

  If you want certain commands to be executed without entering a password, you can use the NOPASSWD option:

  username ALL=(ALL) NOPASSWD: /usr/bin/ls

  3. Ensure file security

  Be careful when editing the sudoers file to avoid syntax errors. Incorrect configuration may make the system unable to use sudo. When editing with visudo, it checks for syntax errors in the file to prevent damage to the configuration.

  V. Security of sudo

  Using sudo provides a certain degree of security because it does not expose superuser privileges to ordinary users. Here are some best practices related to sudo security:

  1. Limit sudo privileges

  Through the sudoers configuration file, ensure that only trusted users and necessary permissions are granted. For example, only allow specific commands to be executed instead of giving users full root privileges.

  2. Use strong passwords and multi-factor authentication (MFA)

  It is recommended to protect sudo privileges with a strong password and enable multi-factor authentication (MFA) when possible to enhance system security.

  3. Monitoring and auditing

  Ensure that the execution of all sudo commands can be traced by enabling logging. For example, you can add the following configuration to the /etc/sudoers file to enable logging:

  Defaults logfile="/var/log/sudo.log"

  4. Restrict root access

  Try to avoid logging in directly as the root user and ensure that all management operations are performed through sudo.

  VI. Common sudo errors and solutions

  1. "user is not in the sudoers file" error

  If this error occurs, it means that the current user is not authorized to use sudo. You need to add the user to the sudoers file. For example:

  sudo usermod -aG sudo username

  Then log in again as the user.

  2. "command not found" error

  If you receive this error when executing a command using sudo, it may be because the command path is wrong. Use an absolute path (such as /usr/bin/command) to ensure that the command can be found.

  sudo is a powerful tool in Linux and Unix systems that helps users execute commands that require administrator privileges without switching to the root user. Understanding the basic usage, configuration, and security measures of sudo can effectively improve the flexibility and security of system management. Correctly configuring sudo permissions and using sudo commands can help you perform system management tasks while protecting the system.

Relevant contents

Steps to improve volume management for OpenStack pike How to install Unity Editor on Linux What are the benefits of using DIV+CSS layout when building a website? How to solve the problem that the DB2 database transaction log is full? How to create a theme navigation menu using WordPress? What are the common CPU types of cloud servers How to choose vps japan dual line cn2 Hong Kong vps server gia+CN2+BGP line vps hong kong cn2 line Hong Kong vps CN2 GIA
Go back

24/7/365 support.We work when you work

Support
JTTI-Defl JTTI-COCO JTTI-Selina JTTI-Ellis JTTI-Eom