Linux sudo Command
Learn Linux sudo Command with examples
Published
- Linux sudo Command
- sudo Command Syntax
- sudo -a Command
- sudo -b Command
- sudo -h Command
- sudo -H Command
- sudo -k Command
- sudo -K Command
- sudo -l Command
- sudo -n Command
- sudo -p Command
- sudo -s Command
- sudo -S Command
- sudo -u Command
- sudo -v Command
- sudo -V Command
- sudo -
- sudo Environment Variables
Linux sudo Command
In Linux, sudo stands for SuperUser DO and is used to access restricted files and operations.
In Linux, we can use “sudo” command is used as a prefix of some command that only superuser are allowed to run.
Add sudo prefix to any command to elevated privileges or in other words allow a user with proper permissions to execute a command as another user, such as the superuser.
These users who can use the sudo command need to have an entry in the sudoers file located at “/etc/sudoers”.
By default, sudo requires that users authenticate themselves with a password which is the user’s password, not the root password itself.
sudo Command Syntax
>> sudo -V | -h | -l | -v | -k | -K | -s | [ -H ] [-P ] [-S ] [ -b ] |
[ -p prompt ] [ -c class|- ] [ -a auth_type ] [-r role ] [-t type ]
[ -u username|#uid ] commandsudo -V | -h | -l | -L | -v | -k | -K | -s | [ -H ] [-P ] [-S ] [ -b ] |
[ -p prompt ] [ -c class|- ] [ -a auth_type ] [-r role ] [-t type ]
[ -u username|#uid ] command
sudo -a Command
sudo -a (authentication type) option causes sudo to use the specified authentication type when validating the user, as allowed by /etc/login.conf.
The system administrator may specify a list of sudo-specific authentication methods by adding an “auth-sudo” entry in /etc/login.conf.
>> sudo -a
sudo -b Command
sudo -b, The (background) option tells sudo to run the given command in the background.
Note that if you use the -b option you cannot use shell job control to manipulate the process.
>> sudo -b
sudo -h Command
sudo -h or –help: The -h (help) option causes sudo to print a usage message and exit.
>> sudo -h
sudo -H Command
sudo -H (HOME) option sets the HOME environment variable to the home directory of the target user (root by default) as specified in passwd.
By default, sudo does not modify HOME.
>> sudo -H
sudo -k Command
sudo -k, The -k (kill) option to sudo invalidates the user’s timestamp.So, the next time sudo is run a password will be required.
This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.
>> sudo -k
sudo -K Command
sudo -K, Similar to the -k option, the -K (sure kill) option is used to remove the user’s timestamp entirely.
Likewise, this option does not require a password.
>> sudo -K
sudo -l Command
sudo -l (list) option will print out the commands allowed (and forbidden) the user on the current host.
>> sudo -l
sudo -n Command
sudo -n option as shown below, which will execute the command without prompting for the password.
This is very helpful when we want to run some of the sudo commands as background jobs (or in a shell script), where we don’t want sudo to ask for the password. -n option stands for non-interactive.
>> sudo -n
sudo -p Command
The -p (prompt) option allows you to override the default password prompt and use a custom one. The following percent (‘%’) escapes are supported.
>> sudo -p
- %u is expanded to the invoking user’s login name;
- %U is expanded to the login name of the user the command will be run as (which defaults to root);
- %h is expanded to the local hostname without the domain name;
- %H is expanded to the local hostname including the domain name (only if the machine’s hostname is fully qualified or the “fqdn” sudoers option is set);
- %% (two consecutive % characters) are collapsed into a single % character.
sudo -s Command
sudo -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in the file passwd.
>> sudo -s
sudo -S Command
sudo -S (stdin) option causes sudo to read the password from standard input instead of the terminal device.
>> sudo -S
sudo -u Command
sudo -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a username, use #uid.
>> sudo -u
sudo -v Command
sudo -v If, given the -v (validate) option, sudo will update the user’s timestamp, prompting for the user’s password if necessary.
This extends the sudo timeout for another 5 minutes (or as given in sudoers) but does not run a command.
This does not give any output.
>> sudo -v
sudo -V Command
sudo -V option allows sudo to print the version number and exit.
If the invoking user is already root, the -V option will print out a list of the defaults sudo was compiled with.
>> sudo -V
sudo -
sudo — flag indicates that sudo should stop processing command line arguments. It is most useful in conjunction with the -s flag.
>> sudo -
sudo Environment Variables
Following environment variables are used by sudo.
| Tag | Description |
| EDITOR | Default editor to use in -e (sudoedit) mode if VISUAL is not set |
| HOME | In -s or -H mode (or if sudo was configured with the –enable-shell-sets-home option); set to homedir of the target user |
| PATH | Set to a sane value if the secure_path sudoers option is set. |
| SHELL | Used to determine shell to run with -s option. |
| SUDO_PROMPT | Used as the default password prompt. |
| SUDO_COMMAND | Set to the command run by sudo. |
| SUDO_USER | Set to the login of the user who invoked sudo. |
| SUDO_UID | Set to the uid of the user who invoked sudo. |
| SUDO_GID | Set to the gid of the user who invoked sudo. |
| SUDO_PS1 | If set; PS1 will be set to its value. |
| USER | Set to the target user (root unless the -u option is specified). |
| VISUAL | Default editor to use in -e (sudoedit) mode. |