Running commands in privileged mode is essential when working with sensitive parts of the system. For instance, creating or removing something usually requires admin privileges, as we cannot allow all users access to all the functions of the system. In Linux, admin rights are granted through the sudo command. In this article, we will discuss the importance of the sudo command and the options it offers.
What is the sudo command?
In Linux, the sudo (Super User DO) command is commonly used as a prefix to a command that only superusers are permitted to run. Prefixing a command with "sudo" runs it with elevated privileges, allowing a user with the necessary rights to run a command as another user, such as the superuser. It is the Linux counterpart of the "Run as administrator" option in Windows. A system can have several administrators.
The sudoers file, stored at "/etc/sudoers," must contain an entry for each user who may use the sudo command. Remember to use the sudo command to change or inspect the sudoers file. The "visudo" command is suggested for editing the sudoers file.
By default, sudo requires users to authenticate with their own password rather than the root password. After successful execution, the sudo command exits with a return value of 0.
The syntax for this command is:
$ sudo -V | -h | -l | -L | -v | -k | -K | -s | [ -H ] [-P ] [-S ] [ -b ] | [ -p prompt ] [ -c class|- ] [ -a auth_type ] [-r role ] [-t type ] [ -u username|#uid ] command
Options available with the sudo command
The -V (version) option is used to print the version of the sudo command.
The -l (list) option prints out the commands that the user is permitted to use on the current host.
3. -h or --help
The -h (help) option is used to get help and options for the sudo command.
If the -v (validate) option is specified, sudo will update the user's timestamp and, if required, request the user's password. This increases the sudo timeout by 5 minutes (or as specified in sudoers), but it does not execute any commands. There is no output from this.
The sudo -k (kill) option is used to delete the current session of the admin. As a result, a password will be required the next time sudo is run.
Like the -k option, the -K (sure kill) option removes the user's timestamp completely. Similarly, no password is required for this option.
The -b (background) option instructs sudo to execute the specified command in the background, without needing user interaction.
The -p (prompt) option allows you to use a custom password prompt instead of the default one. The percent escapes listed below are supported:
%u expands to the login name of the invoking user.
%U expands to the login name of the user the command will run as (usually root).
%h expands to the local hostname without the domain name.
%H expands to the local hostname including the domain name, if the machine's hostname is fully qualified or the "fqdn" sudoers option is set.
%% is collapsed into a single % character.
Use the -n option to run the command without being asked for a password. This comes in handy when we want to perform some sudo commands in the background (or in a shell script) and don't want sudo to ask for the password. The -n option means "non-interactive."
10. -u (user)
The -u (user) argument instructs sudo to run the provided command as a user other than root. Use #uid instead of a username to supply a uid.
11. -s (shell)
The -s (shell) option runs the shell specified by the SHELL environment variable if it is set, or otherwise the shell defined for the user in the passwd file.
12. -H (HOME)
The -H (HOME) option sets the HOME environment variable to the target user's (root by default) home directory as defined in passwd. Sudo does not change HOME by default.
13. -S (stdin)
The -S (stdin) option instructs sudo to get the password from standard input rather than the terminal device.
The -a (authentication type) option instructs sudo to validate the user using the given authentication type, as permitted by /etc/login.conf. By adding an "auth-sudo" line to /etc/login.conf, the system administrator can define a list of sudo-specific authentication methods.
The -- option tells sudo to stop processing command line arguments. It works well when used with the -s flag.
Here, sudo runs the shutdown command with its -r option, which restarts the system:
$ sudo shutdown -r now
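The -n, -l and -k options described above can be combined so that an unattended script never waits at a password prompt and leaves no cached credentials behind. The following is an added example, not part of the original article; the function name run_privileged, the SUDO override variable and the exit statuses 64 and 77 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run one privileged command from an unattended script
# without ever waiting at a password prompt.

# SUDO is a hypothetical override, used only so the wrapper can be pointed
# at a stub when testing; it defaults to the real sudo binary.
SUDO="${SUDO:-sudo}"

# Status chosen for this example to mean "refused by the policy check";
# it is not a status defined by sudo itself.
E_REFUSED=77

# run_privileged CMD [ARGS...]
# Returns the status of the sudo run, or E_REFUSED if the check fails.
run_privileged() {
    if [ "$#" -eq 0 ]; then
        echo "usage: run_privileged CMD [ARGS...]" >&2
        return 64
    fi

    # -n: fail instead of prompting. -l CMD: ask whether CMD is permitted
    # for this user on this host. A non-zero status means it is not, or
    # that sudo would have needed a password to answer.
    if ! "$SUDO" -n -l "$@" >/dev/null 2>&1; then
        echo "run_privileged: refused without a prompt: $*" >&2
        return "$E_REFUSED"
    fi

    # Still non-interactive for the real run. "--" ends sudo's own option
    # parsing so nothing in the command line is read as a sudo flag.
    rp_status=0
    "$SUDO" -n -- "$@" || rp_status=$?

    # -k: invalidate the cached timestamp so nothing that runs later in
    # this session can reuse it.
    "$SUDO" -k || echo "run_privileged: could not reset timestamp" >&2

    return "$rp_status"
}
```

A status of 1 from the real run can come either from the command or from sudo itself, for example when that particular command still needs a password, so treat it as a failure in both cases.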
In this article, we discussed the sudo command in Linux, which is used to perform root tasks after authentication. There can be multiple users with admin rights. We also discussed various options related to the sudo command.