The sudo command in Linux allows users to execute administrative tasks securely without logging in as the root user. It provides controlled privilege escalation using the /etc/sudoers configuration. In this guide, you’ll learn sudo syntax, common use cases, and a quick cheat sheet for daily administration.
sudo Command - Quick Cheat Sheet
| Task | Command |
|---|---|
| Run command as root | sudo command |
| Run as another user | sudo -u user command |
| Open root login shell | sudo -i |
| Open temporary root shell | sudo -s |
| List sudo privileges | sudo -l |
| List privileges for another user | sudo -l -U user |
| Edit sudoers file safely | sudo visudo |
| Edit files with sudo | sudo -e file |
| Refresh cached credentials | sudo -v |
| Reset cached password | sudo -k |
| Remove cached credentials completely | sudo -K |
| Run command in background | sudo -b command |
Execute commands with elevated privileges (as root user)
By default, sudo executes commands as the root user when no target user is specified. This allows normal users to perform administrative tasks without logging in as root.
sudo whoamiOutput:
rootThis behavior is commonly used to perform tasks that require elevated permissions such as accessing restricted files or modifying system configurations.
Execute commands as another user
Use sudo -u to switch user context
The -u option allows execution of commands as a different user instead of root.
sudo -u username whoamiExample:
sudo -u nobody whoamiRun commands with specific user ID or username
You can specify either a username or UID to run commands under a different identity.
sudo -u 1001 idThis is useful for testing permissions or executing commands in another user's environment.
Control sudo session and authentication
Cache credentials using sudo -v
The -v option updates the user's cached credentials without running a command. This avoids repeated password prompts within the timeout period.
sudo -vThis is commonly used before running multiple sudo commands.
Reset authentication using sudo -k and sudo -K
These options control sudo session timeout and credential caching.
sudo -k- Invalidates cached credentials (next sudo requires password)
sudo -K- Removes cached credentials completely
These options are useful for improving security, especially on shared systems.
Inspect and validate sudo permissions
List allowed commands using sudo -l
The -l option lists all commands a user is allowed to run with sudo.
sudo -lThis helps verify access before executing privileged commands.
Check privileges for another user using sudo -U
You can check sudo privileges of another user (requires appropriate permissions).
sudo -l -U usernameThis is useful for auditing user access.
Start privileged shell sessions
Use sudo -i for login shell
Starts a full login shell as root with root environment.
sudo -iUse sudo -s for non-login shell
Starts a shell with elevated privileges but retains current user environment.
sudo -sCompare sudo -i vs sudo -s behavior
| Feature | sudo -i | sudo -s |
|---|---|---|
| Shell type | Login shell | Non-login shell |
| Environment | Root environment | Current user environment |
| HOME | /root | User home |
| Use case | Full admin session | Quick tasks |
Modify and manage sudo configuration
Edit sudoers safely using visudo
Always use visudo to edit sudo configuration safely.
sudo visudoUse /etc/sudoers.d for modular configuration
Instead of editing the main file, create separate config files.
sudo visudo -f /etc/sudoers.d/customDefine custom rules and command restrictions
Example rule:
username ALL=(ALL) /usr/bin/systemctlThis allows limited command execution instead of full access.
Control command execution behavior
Run commands in background using sudo -b
Execute commands in background.
sudo -b commandUse non-interactive mode with sudo -n
Prevents sudo from prompting for password.
sudo -n commandHandle command parsing using sudo --
Stops sudo from interpreting command options.
sudo -- commandUseful when command contains special flags.
Handle environment variables with sudo
Preserve environment variables using sudo -E
The sudo -E option allows you to preserve environment variables when running commands with sudo. By default, sudo clears most environment variables for security, so using -E is useful when scripts or applications depend on custom variables.
sudo -E commandExample:
export MY_VAR=test
sudo -E bash -c 'echo $MY_VAR'Set correct home directory using sudo -H
The sudo -H option sets the HOME environment variable to the target user's home directory (usually /root). This prevents permission issues when running applications that rely on correct home paths.
sudo -H commandExample:
sudo -H bash -c 'echo $HOME'Pass custom environment variables to commands
You can pass environment variables inline while executing a command with sudo. This is useful for temporarily modifying PATH or other runtime configurations.
sudo VAR=value commandExample:
sudo PATH=$PATH:/custom/bin commandCompare environment behavior with and without sudo
You can compare how environment variables change when using sudo. This helps in debugging issues related to missing variables.
env
sudo envUse sudo in automation and scripts
Configure passwordless execution (NOPASSWD)
Add rule in sudoers:
username ALL=(ALL) NOPASSWD: ALLAvoid interactive prompts in scripts
Use non-interactive mode:
sudo -n commandTroubleshoot sudo issues and errors
Debug permission denied errors
Ensure user is part of sudo group:
groups usernameFix sudoers syntax issues
Always use:
visudoIncorrect syntax can break sudo access.
Handle missing sudo or misconfiguration
Install sudo if missing:
apt install sudoor
yum install sudoFrequently Asked Questions
1. What is sudo command in Linux?
sudo allows a permitted user to execute commands as root or another user without logging in as that user.2. What is the difference between sudo -i and sudo -s?
sudo -i starts a login shell as root, while sudo -s starts a shell with root privileges but keeps the current environment.3. How to list sudo privileges for a user?
Use sudo -l to list all commands a user is allowed to run with sudo.4. How to add user to sudoers file?
Use visudo or add the user to sudo or wheel group depending on your Linux distribution.5. Why sudo command is not working?
It may fail due to missing permissions, incorrect sudoers configuration, or user not being part of sudo group.Summary
The sudo command is an essential tool in Linux for securely executing administrative tasks without logging in as the root user. It provides controlled privilege escalation using the /etc/sudoers configuration, ensuring better security and accountability.
In this guide, you learned how to use sudo with practical examples, manage user privileges, handle permissions, work with environment variables, and use sudo in scripts and automation. Understanding these concepts will help you perform daily system administration tasks more efficiently and securely.
Official Documentation
For more details, refer to the official sudo documentation:
