Cyberithub

10 Popular Examples of sudo command in Linux(RedHat/CentOS 7/8)

by
Advertisements

In this article, we will look into 10 Popular Examples of sudo command in Linux(RedHat/CentOS 7/8). sudo command in Linux is a program used for non-privileged users to provide privileged access of another user, mostly superuser access. In a real world scenario, when you do not want to provide root credentials to another user to perform privileged tasks then it is often preferred to provide sudo access instead.

By providing sudo access to another user you can run privileged commands with sudo command in Linux. It is important to note here that you can perform other important tasks as well using sudo command.

10 Popular Examples of sudo command in Linux(RedHat/CentOS 7/8) 1

sudo command in Linux

26 Popular Rsync Examples for Linux Professionals

1. Change Your Interactive Shell

When you want to change your shell to root interactive shell, then you need to use sudo -i command. This command will change the directory path to /root.

[centos@localhost ~]$ sudo -i
[root@localhost ~]#

-i : Run the shell specified by the target user's password database entry as a login shell. More info on sudo Man Page.

NOTE:

Please note that I have created two user centos and admin for the sake of understanding in which centos user is having sudo access but admin user does not have sudo access. I will be using both users in the below given examples.

2. Switch to superuser without changing your directory path

When you want to login as root user but do not want to change your shell then you need to use sudo -s command as shown below. This command won't change your directory path, only change the login prompt from $ to #.

[centos@localhost ~]$ sudo -s
[root@localhost centos]#

-s : Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry.

3. Check sudo command version

To check sudo command version, sudoers policy plugin version, I/O plugin version and file grammar version, you need to use sudo -V command as shown below. As you can see from below output, current sudo version is 1.8.23.

[centos@localhost ~]$ sudo -V
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23

-V : Print the sudo version string as well as the version string of the security policy plugin and any I/O plugins.

4. Run Linux command with sudo access

You can run any simple command like ls -lrt with sudo access by using sudo ls -lrt command as shown below.

[centos@localhost ~]$ sudo ls -lrt
total 12
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 file.txt
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 hello.local
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 example.java

5. Run command through different User

If you want to run sudo command through different user then you need to use -u option and pass the user name as argument.

[centos@localhost ~]$ sudo -u admin ls -lrt
ls: cannot open directory .: Permission denied

-u : Run the command as a user other than the default target user (usually root).

Now If I run same command through root user, it will show below output.

[centos@localhost ~]$ sudo -u root ls -lrt
total 12
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 file.txt
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 hello.local
-rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 example.java

6. List User Privileges

If you want to check all the privileges of current user then you can use --list option with sudo command in Linux as shown below. As you can see from below output, currently User centos has (ALL)  NOPASSWD: ALL access.

[centos@localhost ~]$ sudo --list
Matching Defaults entries for centos on localhost:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User centos may run the following commands on localhost:
(ALL) NOPASSWD: ALL

If you pass the user name argument with -u option then --list will show the privileges of that user.

[centos@localhost ~]$ sudo -U admin --list
User admin is not allowed to run sudo on localhost.

-U : Used in conjunction with the -l option to list the privileges for user instead of for the invoking user.

7. Reset User Cache

Whenever you do certain change in sudo configuration file, then you need to restart your system for those changes to take effect. There is an option available with sudo command in Linux which will save you from restarting your System. After completing the changes, you can simply run sudo -k command to invalidate your cache credentials.

[centos@localhost ~]$ sudo visudo
centos ALL=(ALL) NOPASSWD: ALL

centos: name of the user to be allowed to use sudo
ALL: permit sudo access from any terminal ( any machine ).
(ALL) : permit sudo command to be executed as any user.
ALL: permit all commands to be executed.

Save and exit the file.

[centos@localhost ~]$ sudo -k

-k : When used without a command, invalidates the user's cached credentials.

This will clear the existing password cache. Now if you run sudo ls command then you will be able to see the output.

[centos@localhost ~]$ sudo ls

8. Forgot to use sudo command in Linux

Sometimes it might happen that you will forget to use sudo with Linux command. Due to that you will see Permission Denied error as shown below when we tried to open /etc/grub2.cfg file.

[centos@localhost ~]$ cat /etc/grub2.cfg
cat: /etc/grub2.cfg: Permission denied

You can quickly fix above Permission denied error by quickly running sudo !! command which will run your previous command with sudo access as shown below.

[centos@localhost ~]$ sudo !!
sudo cat /etc/grub2.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
set pager=1

if [ -s $prefix/grubenv ]; then
load_env

9. Using sudo command in Linux to edit file with vi editor 

Sometimes you might forgot to use sudo while editing file with vi editor. In that case you won't able to save the file after editing due to lack of permission. So to overcome this situation you can use !sudo tee % with :w to save the file and exit.

:w !sudo tee %

Colon (:) indicates we are in Vim’s ex mode
Exclamation (!) mark indicates that we are running shell command
sudo and tee are the shell commands
Percentage (%) sign indicates all lines from current line

10. Check other options of sudo command in Linux

You can check all the other options that can be used with sudo command in Linux using --help flag as shown below.

[centos@localhost ~]$ sudo --help
sudo - execute a command as another user

usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...

Options:
-A, --askpass use a helper program for password prompting
-b, --background run command in the background
-C, --close-from=num close all file descriptors >= num
-E, --preserve-env preserve user environment when running command
--preserve-env=list preserve specific environment variables
-e, --edit edit files instead of running a command
-g, --group=group run command as the specified group name or ID
-H, --set-home set HOME variable to target user's home dir
-h, --help display help message and exit
-h, --host=host run command on host (if supported by plugin)
-i, --login run login shell as the target user; a command may also be specified
-K, --remove-timestamp remove timestamp file completely
-k, --reset-timestamp invalidate timestamp file
-l, --list list user's privileges or check a specific command; use twice for longer format
-n, --non-interactive non-interactive mode, no prompts are used
-P, --preserve-groups preserve group vector instead of setting to target's
-p, --prompt=prompt use the specified password prompt
-r, --role=role create SELinux security context with specified role
-S, --stdin read password from standard input sudo command in Linux
-s, --shell run shell as the target user; a command may also be specified
-t, --type=type create SELinux security context with specified type
-T, --command-timeout=timeout terminate command after the specified time limit
-U, --other-user=user in list mode, display privileges for user
-u, --user=user run command (or edit file) as specified user name or ID
-V, --version display version information and exit
-v, --validate update user's timestamp without running a command
-- stop processing command line arguments

--help : Display a short help message to the standard output and exit.

 

Recommended Posts:-

what is wget and how to use wget command in Linux(20 Popular wget examples)

Popular firewalld examples to open a port on RedHat/CentOS 7

8 Most Popular mkdir command in Linux with Examples

26 Useful Firewall CMD Examples on RedHat/CentOS 7

12 Most Popular rm command in Linux with Examples

9 useful w command in Linux with Examples

8 Popular chkconfig command examples on RedHat/CentOS 7

5 Easy Steps to recover LVM2 Partition , PV , VG , LVM metadata in Linux

Leave a Comment