sudo tutorial - Unix Tutorial

sudo allows you to run a Unix command as a different user. Using /etc/sudoers file to confirm what privileges are available to you, this command effectively elevates your access rights, thus allowing you to run commands and access files which would otherwise be not available to you.

How sudo command works

The real and effective user id (uid) and group id (gid) are set to match those of the target user as specified in /etc/sudoers file (the safest way to change this file is to use the visudo command – check out the visudo tutorial). The way you use sudo is simple enough: you run this command and specify a command line you’d like to run with the privileges of a different user. Before the requested command is run, you are asked to confirm your identify by providing your user password.

id command, which shows you who you are in your Unix system (user id, user name, group id and other Unix groups you’re member of), is the easiest way to demonstrate how your privileges are elevated. Truly, you become a different Unix user:

$ id
uid=1000(greys) gid=33(www-data) groups=33(www-data),113(admin)
$ sudo id
Password:
uid=0(root) gid=0(root) groups=0(root)

Using sudo in interactive mode

Sometimes you’ll want to run many commands as a different user. Most common scenario for this presents in default sudo installation: you’re encouraged to never become root, but instead use sudo to run commands as root.

When you want to use sudo in interactive mode, you run sudo with the -i parameter. This parameter causes sudo to imitate the initial login sequence – as if you simply log into your Unix system under a different user. The shell of this user is executed, and then you get the command prompt – anything you run after this will be run as the user granted to you by sudo:

$ id
uid=1000(greys) gid=33(www-data) groups=33(www-data),113(admin)
$ sudo -i
Password:
# id
uid=0(root) gid=0(root) groups=0(root)
# groups
root

Editing files with sudo

If instead of running some command as a different user you just want to edit some file which belogs to this user, then you will like the -e option for sudo. When using sudo to edit files, instead of a Unix command you specify the file you’d like to edit:

$  sudo -e /etc/passwd