In this article, we will look into 10 Popular Examples of sudo command in Linux(RedHat/CentOS 7/8). sudo command in Linux is a program used for non-privileged users to provide privileged access of another user, mostly superuser access. In a real world scenario, when you do not want to provide root credentials to another user to perform privileged tasks then it is often preferred to provide sudo access instead.
By providing sudo access to another user you can run privileged commands with sudo command in Linux. It is important to note here that you can perform other important tasks as well using sudo command.
sudo command in Linux
1. Change Your Interactive Shell
When you want to change your shell to root interactive shell, then you need to use
sudo -i command. This command will change the directory path to
[centos@localhost ~]$ sudo -i [root@localhost ~]#
-i : Run the shell specified by the target user’s password database entry as a login shell. More info on sudo Man Page.
adminfor the sake of understanding in which
centosuser is having sudo access but
adminuser does not have sudo access. I will be using both users in the below given examples.
2. Switch to superuser without changing your directory path
When you want to login as root user but do not want to change your shell then you need to use
sudo -s command as shown below. This command won’t change your directory path, only change the login prompt from
[centos@localhost ~]$ sudo -s [root@localhost centos]#
-s : Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user’s password database entry.
3. Check sudo command version
To check sudo command version, sudoers policy plugin version, I/O plugin version and file grammar version, you need to use
sudo -V command as shown below. As you can see from below output, current sudo version is
[centos@localhost ~]$ sudo -V Sudo version 1.8.23 Sudoers policy plugin version 1.8.23 Sudoers file grammar version 46 Sudoers I/O plugin version 1.8.23
-V : Print the sudo version string as well as the version string of the security policy plugin and any I/O plugins.
4. Run Linux command with sudo access
You can run any simple command like
ls -lrt with
sudo access by using
sudo ls -lrt command as shown below.
[centos@localhost ~]$ sudo ls -lrt total 12 -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 file.txt -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 hello.local -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 example.java
5. Run command through different User
If you want to run sudo command through different user then you need to use
-u option and pass the user name as argument.
[centos@localhost ~]$ sudo -u admin ls -lrt ls: cannot open directory .: Permission denied
-u : Run the command as a user other than the default target user (usually root).
Now If I run same command through
root user, it will show below output.
[centos@localhost ~]$ sudo -u root ls -lrt total 12 -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 file.txt -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 hello.local -rw-rw-r-- 1 centos centos 3893 Apr 17 16:15 example.java
6. List User Privileges
If you want to check all the privileges of current user then you can use
--list option with sudo command in Linux as shown below. As you can see from below output, currently User
(ALL) NOPASSWD: ALL access.
[centos@localhost ~]$ sudo --list Matching Defaults entries for centos on localhost: !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin User centos may run the following commands on localhost: (ALL) NOPASSWD: ALL
If you pass the user name argument with
-u option then
--list will show the privileges of that user.
[centos@localhost ~]$ sudo -U admin --list User admin is not allowed to run sudo on localhost.
-U : Used in conjunction with the -l option to list the privileges for user instead of for the invoking user.
7. Reset User Cache
Whenever you do certain change in sudo configuration file, then you need to restart your system for those changes to take effect. There is an option available with sudo command in Linux which will save you from restarting your System. After completing the changes, you can simply run
sudo -k command to invalidate your cache credentials.
[centos@localhost ~]$ sudo visudo centos ALL=(ALL) NOPASSWD: ALL centos: name of the user to be allowed to use sudo ALL: permit sudo access from any terminal ( any machine ). (ALL) : permit sudo command to be executed as any user. ALL: permit all commands to be executed.
Save and exit the file.
[centos@localhost ~]$ sudo -k
-k : When used without a command, invalidates the user’s cached credentials.
This will clear the existing password cache. Now if you run
sudo ls command then you will be able to see the output.
[centos@localhost ~]$ sudo ls
8. Forgot to use sudo command in Linux
Sometimes it might happen that you will forget to use sudo with Linux command. Due to that you will see
Permission Denied error as shown below when we tried to open
[centos@localhost ~]$ cat /etc/grub2.cfg cat: /etc/grub2.cfg: Permission denied
You can quickly fix above Permission denied error by quickly running
sudo !! command which will run your previous command with sudo access as shown below.
[centos@localhost ~]$ sudo !! sudo cat /etc/grub2.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub2-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### set pager=1 if [ -s $prefix/grubenv ]; then load_env
9. Using sudo command in Linux to edit file with vi editor
Sometimes you might forgot to use sudo while editing file with vi editor. In that case you won’t able to save the file after editing due to lack of permission. So to overcome this situation you can use
!sudo tee % with
:w to save the file and exit.
:w !sudo tee %
Colon (:) indicates we are in Vim’s ex mode
Exclamation (!) mark indicates that we are running shell command
tee are the shell commands
Percentage (%) sign indicates all lines from current line
10. Check other options of sudo command in Linux
You can check all the other options that can be used with sudo command in Linux using
--help flag as shown below.
[centos@localhost ~]$ sudo --help sudo - execute a command as another user usage: sudo -h | -K | -k | -V usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user] usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command] usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>] usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ... Options: -A, --askpass use a helper program for password prompting -b, --background run command in the background -C, --close-from=num close all file descriptors >= num -E, --preserve-env preserve user environment when running command --preserve-env=list preserve specific environment variables -e, --edit edit files instead of running a command -g, --group=group run command as the specified group name or ID -H, --set-home set HOME variable to target user's home dir -h, --help display help message and exit -h, --host=host run command on host (if supported by plugin) -i, --login run login shell as the target user; a command may also be specified -K, --remove-timestamp remove timestamp file completely -k, --reset-timestamp invalidate timestamp file -l, --list list user's privileges or check a specific command; use twice for longer format -n, --non-interactive non-interactive mode, no prompts are used -P, --preserve-groups preserve group vector instead of setting to target's -p, --prompt=prompt use the specified password prompt -r, --role=role create SELinux security context with specified role -S, --stdin read password from standard input sudo command in Linux -s, --shell run shell as the target user; a command may also be specified -t, --type=type create SELinux security context with specified type -T, --command-timeout=timeout terminate command after the specified time limit -U, --other-user=user in list mode, display privileges for user -u, --user=user run command (or edit file) as specified user name or ID -V, --version display version information and exit -v, --validate update user's timestamp without running a command -- stop processing command line arguments
--help : Display a short help message to the standard output and exit.