Run commands as root with sudo
Last Updated :
17 Jun, 2021
Introduction –
Linux follows the very tough permission model. A root user can do anything but normal user has no permissions. To run any command, they need to ask for permissions from the superuser. The easy and common way to grant administrative privileges to non-root users is, a user can use su command and temporarily become the root but users must know the root’s password. In corporate world this is very dangerous because all the privileges of root are granted to any user, who can do anything. For Example –
[userA@rhel7 ~]$ su -
Password:
It’s asking for the password of superuser.
To overcome above mentioned risk, sudo command comes in trend. It allows a user to run a command as a root or as any other user after providing the user’s own password for authentication. These information are defined in the /etc/sudoers file. Before describing “sudo” command I want to talk a bit about visudo
What is visudo –
visudo is a command to edit configuration file for sudo command located at /etc/sudoers.You should not edit this file directly with normal editor, always use visudo for safety and security. Editing /etc/sudoers file requires superuser’s privileges.
visudo command cannot allow to edit /etc/sudoers file simultaneously by just locking the file and if someone tries to access the same it will get a message to try later.
[root@rhel7 ~]# visudo
visudo: /etc/sudoers busy, try again later
It also checks the syntax of edits and provide basic sanity checks which are very helpful. If it identifies any error, then visudo won’t allow to save the file with edits.
Set rules in sudoers file –
A common question arises in everyone’s mind, how we define the rules in sudoers file? So, before editing it’s better to understand the existing configuration which defines which users can run what software on which machines. Syntax of pre-defined rule is given below –
root ALL=(ALL:ALL) ALL
This allows root to run any command anywhere.Meaning of this line is –
username hosts=(users:groups) commands
ALL means, the user can run all commands on all hosts, as all users and groups. So, root has all the privileges to run any command as any user or group.
Let considered an example and provide ALL power to userA as root.
userA ALL=(ALL:ALL) ALL
If you wish to use command without password then use PASSWD parameter –
userA ALL(ALL:ALL) NOPASSWD:ALL
In below example userA only start, stop and restart the “httpd” service
userA ALL=(root) /usr/bin/systemctl, /usr/sbin/httpd start stop restart
User can check whether the command is working or not. Then follow the below procedure to check –
[root@rhel7 ~]# su - userA
Last login: Thu Sep 13 15:01:18 EDT 2018 on pts/0
[userA@rhel7 ~]$ sudo -u root systemctl stop httpd
[sudo] password for userA:
[userA@rhel7 ~]$
Note – We can also use vim with visudo.
export VISUAL=vim; visudo
Using nano with visudo
export VISUAL=nano; visudo
Assign privileges to a group –
You can assign similar privileges to multiple users just by making a group them. There is one predefined group is in sudoers file. Members of this group can use sudo to run any commands as any user, including superuser. We can add users to this group. It is normally configured like –
%wheel ALL=(ALL) ALL
Use command to add user in wheel group –
usermod -aG wheel username
Similar Reads
Running previous command with sudo
In the same way, sudo is used to execute any command that requires super-user privileges in Unix-like operating systems. At times, one executes some commands yet forgets to invoke them under sudo. Rather than rewriting all that again, you may use one simple trick: rerun the last command with 'sudo'.
5 min read
sudo Command in Linux with Examples
sudo (Super User DO) command in Linux is generally used as a prefix for some commands that only superusers are allowed to run. If you prefix any command with "sudo", it will run that command with elevated privileges or in other words allow a user with proper permissions to execute a command as anoth
8 min read
apt-get command in Linux with Examples
The command-line tool `apt-get` is the most popular package management tool used in our Debian-based Linux operating system. This article provides an overview of `apt-get` and its basic syntax. It will include the most commonly used commands, their syntax, description, and examples. It also gives an
15+ min read
How to run Linux Commands on Windows 10?
It is a dilemma when you want to switch from one operating system to another. This is a common case when you switch from Windows to Linux. Either you store your data and then uninstall Windows to install Linux and then transfer your data or you can have a dual boot system where you encounter an opti
2 min read
adduser command in Linux with Examples
adduser command in Linux is used to add a new user to your current Linux machine. This command allows you to modify the configurations of the user which is to be created. It is similar to the useradd command in Linux. The adduser command is much interactive as compared to useradd command. Installing
4 min read
exit command in Linux with Examples
The 'exit' command is a fundamental command in Linux used to exit the current shell session. This command is widely used in scripting and command-line operations, allowing users and scripts to terminate a session or a process in a controlled manner. The 'exit' command can take an optional parameter
2 min read
chage command in Linux with examples
The 'chage' command in Linux is a powerful tool used to manage user password expiry and account aging information. It is particularly useful in environments where user access needs to be controlled over time, such as when login access is time-bound or when it’s necessary to enforce regular password
4 min read
usermod command in Linux with Examples
usermod command or modify user is a command in Linux that is used to change the properties of a user in Linux through the command line. After creating a user we have to sometimes change their attributes like password or login directory etc. so in order to do that we use the Usermod command. The info
4 min read
chgrp command in Linux with Examples
The `chgrp` command in Linux is used to change the group ownership of a file or directory. All files in Linux belong to an owner and a group. You can set the owner by using “chown†command, and the group by the "chgrp" command. Syntax of `chgrp` command in Linuxchgrp [OPTION]… GROUP FILE… chgrp [OPT
3 min read
aptitude command in Linux with examples
The aptitude command in Linux provides a user-friendly interface to interact with the machine's package manager. It functions similarly to a control panel, like in Windows, allowing you to install, upgrade, and remove packages. The command can be used in either a visual interface or directly via the
5 min read