Americas

  • United States
sandra_henrystocker
Unix Dweeb

5 tricks for using the sudo command

How-To
Nov 13, 20174 mins
LinuxUbuntu

Some helpful hints for using sudo — the command that allows admins to administer user system privileges

The sudoers file can provide detailed control over user privileges, but with very little effort, you can still get a lot of benefit from sudo. In this post, we’re going to look at some simple ways to get a lot of value out of the sudo command in Linux.

Trick 1: Nearly effortless sudo usage

The default file on most Linux distributions makes it very simple to give select users the ability to run commands as root. In fact, you don’t even have to edit the /etc/sudoers file in any way to get started. Instead, you just add the users to the sudo or admin group on the system and you’re done.

Adding users to the sudo or admin group in the /etc/group file gives them permission to run commands using sudo.

$ grep sudo /etc/group
sudo:x:27:shs,jdoe,peanut

Assuming the standard /etc/sudoers setup, they should immediately be able to start using sudo commands once this change has been made. The privileges are derived through a line like this in the /etc/sudoers file:

%sudo   ALL=(ALL:ALL) ALL

The $sudo (or %admin) part of this line is a reference to the sudo (or admin) group. The rest of the line allows members of this group to run any command as any user. This much is built in. If you don’t want anyone to have this ability, don’t put anyone in the sudo (or admin) group on your system and this privilege level will not be implemented.

$ sudo whoami
[sudo] password for shs:
root

Trick 2: Running commands as other users — not just root

While most people use sudo access to run commands as root, it also allows you to run commands as other users. Just use the -u option with the sudo command and specify the username.

$ sudo -u jdoe whoami
[sudo] password for shs:
jdoe

Trick 3: Changing the default editor for the visudo command

The /etc/sudoers file should always be modified using the visudo command because this command helps to keep you from causing configuration errors that might make the resultant file unusable (i.e., it can break sudo). If the editor used by default is one that you’re not comfortable using, you can change it with this command:

sudo update-alternatives --config editor

This command will display a list of editors with the current one marked with an asterisk and allows you to select the one that you prefer.

$ sudo update-alternatives --config editor
[sudo] password for shs:
There are 3 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path               Priority   Status
------------------------------------------------------------
* 0            /bin/nano           40        auto mode
  1            /bin/ed            -100       manual mode
  2            /bin/nano           40        manual mode
  3            /usr/bin/vim.tiny   10        manual mode

Press  to keep the current choice[*], or type selection number:

Trick 4: Switching to root

There are times when prefacing every command with “sudo” gets in the way of getting your work done. With a default /etc/sudoers configuration and membership in the sudo (or admin) group, you can assume root control using the command sudo su –. Extra care should always be taken when using the root account in this way.

$ sudo -i -u root
[sudo] password for jdoe:
root@stinkbug:~#

Trick 5: Fixing a corrupt /etc/sudoers file

A corrupt /etc/sudoers file can keep sudo from working and really mess up your day. Fortunately, there are some ways around this that don’t involve a lot of work, and the visudo command provides some details on the problems needing to be fixed.

The problem

shs@stinkbug:/etc$ sudo date
>>> /etc/sudoers: syntax error near line 3 

The fix

shs@stinkbug:/etc$ pkexec visudo
>>> /etc/sudoers: syntax error near line 3 

More complex sudo options

In future posts, we'll look at how sudo can be used to provide more fine-grained options for controlling sudo privileges.

2-Minute Linux Tip: Learn how to use the alias command

sandra_henrystocker
Unix Dweeb

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.

The opinions expressed in this blog are those of Sandra Henry-Stocker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.