
7 Linux sudo Command Tips and Tricks

Using the sudo command, a user can execute root-only commands.

In this article, let us review how to set up the sudo environment along with some sudo command examples, tips, and tricks.

1. Set up sudo Environment in /etc/sudoers

You can provide sudo privilege to an individual user or a group by modifying /etc/sudoers.

sudo access to a user

To provide sudo access to an individual user, add the following line to the /etc/sudoers file.

sathiya    ALL=(ALL) ALL

In the above example:

  • sathiya : name of the user to be allowed to use sudo.
  • ALL : Allow sudo access from any terminal (any machine).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

sudo access to a group

To provide sudo access to a group, add the following line to the /etc/sudoers file.

%programmers    ALL=(ALL) ALL

In the above example:

  • programmers : name of the group to be allowed to use sudo. The group name should be preceded by the percent symbol (%).
  • ALL : Allow sudo access from any terminal (any machine).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

Note: Ubuntu users are already familiar with the sudo command, as you use sudo apt-get install to install any package. On Ubuntu, sudo is already set up for your username as shown below, i.e. all users who belong to the admin group have access to execute root commands using sudo.

$ sudo cat /etc/sudoers
%admin ALL=(ALL) ALL

$ grep admin /etc/group
admin:x:115:sathiya
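
To find which entries carry the unrestricted ALL=(ALL) ALL form described above, the following added example (not part of the original article) splits each user specification into the same fields. The sample sudoers text, the function names and the FULL/LIMITED labels are assumptions for illustration; line continuations and alias expansion are not handled.

```shell
#!/bin/sh
# Constructed sample sudoers content (illustrative, not from a real system).
sample_sudoers() {
cat <<'EOF'
# /etc/sudoers (constructed sample)
Defaults        env_reset
sathiya         ALL=(ALL) ALL
%programmers    ALL=(ALL) ALL
%operators      ALL=(root) /bin/mount, /bin/umount
backup          ALL=/usr/bin/rsync
deploy          ALL=(ALL) NOPASSWD: ALL
EOF
}

# Read sudoers text on stdin and print one line per user specification:
#   <user|group> <name> host=<hosts> runas=<runas> <FULL|LIMITED> <commands>
# FULL means the command list is the bare keyword ALL.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and alias definitions
    {
        who = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)    # drop the user/group field
        eq = index(rest, "=")
        if (eq == 0) next                        # not a user specification
        hosts = substr(rest, 1, eq - 1); gsub(/[ \t]/, "", hosts)
        cmds = substr(rest, eq + 1)
        runas = "root"                           # sudo default when (runas) is absent
        if (match(cmds, /^[ \t]*\([^)]*\)/)) {
            runas = substr(cmds, RSTART, RLENGTH); gsub(/[ \t()]/, "", runas)
            cmds = substr(cmds, RSTART + RLENGTH)
        }
        while (match(cmds, /^[ \t]*[A-Z_]+:/))   # skip tags such as NOPASSWD:
            cmds = substr(cmds, RSTART + RLENGTH)
        gsub(/^[ \t]+|[ \t]+$/, "", cmds)
        kind = (who ~ /^%/) ? "group" : "user"
        sub(/^%/, "", who)
        scope = (cmds == "ALL") ? "FULL" : "LIMITED"
        printf "%s %s host=%s runas=%s %s %s\n", kind, who, hosts, runas, scope, cmds
    }'
}

sample_sudoers | audit_sudoers
```

On a real system, feed it the output of sudo cat /etc/sudoers; every FULL line is an account or group that can run any command.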

2. Executing a command as super user

Once sudo access is provided to your account in /etc/sudoers, you can pass any root command as an argument to the sudo command. For example, mount can only be done by root, but a normal user can mount as shown below using sudo.

$ sudo mount /dev/sda3 /mnt

Note: If you are executing sudo for the first time in a shell, it will ask for the password (the current user's password) by default.

3. Forgot to Use Sudo in Vim? No Worries. Save file Trick in vim with sudo

When you have opened a file in vim that can be saved only by the root user (without using the sudo command), you can do the following.

For example, if you want to edit the file /etc/group, which can only be saved by the root user, you typically do the following. When you do a :w, it works without a problem, because the file was opened using the sudo command.

$ sudo vim /etc/group
:w

What if you forgot to use sudo when you opened the /etc/group file, as shown below? In this case, instead of quitting the file (and losing all your changes) and running the vim command again with sudo, you can do the following.

$ vim /etc/group

:w !sudo tee %

Note: “:w !sudo tee %” will save the file with root privilege, even if you didn’t use the sudo command to open it.

4. Forgot to give sudo for root command? Do it again using !!

If you forgot to use sudo for a command that requires root privilege, instead of typing the command again with sudo, you can simply do sudo !! as shown below.

$ head -n 4 /etc/sudoers
head: cannot open `/etc/sudoers' for reading: Permission denied

$ sudo !!
sudo head -n 4 /etc/sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#

5. Get Root Shell Access using Sudo

To get a root shell from your user account, do the following.

$ sudo bash

Once you get the root shell, you can execute any root command without having to enter sudo in front of it every time.

6. Built in commands won’t work with Sudo – Command not found

sudo invokes an executable as another user, so bash built-in commands won’t work. sudo will give a “command not found” error as shown below.

For example, umask is a bash built-in command, which will not work when used along with sudo as shown below.

$ sudo umask
sudo: umask: command not found

Work-around: To use a bash shell built-in command with sudo, first get a root shell by doing ‘sudo bash’ and then execute the shell built-in command.

7. View Unauthorized Sudo command executions from auth.log

When a user who doesn’t have sudo permission tries to execute a sudo command, they’ll get the following error message.

$ sudo ls /
[sudo] password for raj:
raj is not in the sudoers file.  This incident will be reported.

Anytime this happens, it is logged in the /var/log/auth.log file, so sysadmins can review any unauthorized sudo access attempts.

Sep 25 18:41:35 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/ls /
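
To pull these entries out of auth.log, the following added example (not part of the original article) extracts each denied attempt and counts them per user. Apart from the 18:41:35 line shown above, the sample log lines are constructed, and the function names and output layout are assumptions.

```shell
#!/bin/sh
# Constructed sample in auth.log format; only the 18:41:35 line is from the article.
sample_auth_log() {
cat <<'EOF'
Sep 25 18:40:02 sathiya sudo:  sathiya : TTY=pts/1 ; PWD=/home/sathiya ; USER=root ; COMMAND=/bin/mount /dev/sda3 /mnt
Sep 25 18:41:35 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/ls /
Sep 25 18:42:10 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/mount /dev/sda3 /mnt
Sep 25 18:50:47 sathiya sshd[2211]: Accepted password for sathiya from 192.0.2.10 port 50022 ssh2
Sep 25 18:55:00 sathiya sudo:  sathiya : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/echo x : user NOT in sudoers ; y
Sep 25 19:03:12 sathiya sudo[2307]:   test : user NOT in sudoers ; TTY=pts/5 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/id
EOF
}

# Print "timestamp|user|tty|command" for every denied sudo attempt on stdin.
denied_sudo_events() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ {                # syslog tag: sudo: or sudo[pid]:
        m = index($0, " : user NOT in sudoers ; ")
        c = index($0, " ; COMMAND=")
        # The marker must come before COMMAND=, otherwise it is only text
        # inside the arguments of a command that was allowed to run.
        if (m == 0 || c == 0 || m > c) next
        n = split(substr($0, 1, m - 1), head, /[ \t]+/)
        tty = "?"
        if (match($0, /TTY=[^ ;]+/)) tty = substr($0, RSTART + 4, RLENGTH - 4)
        print $1 " " $2 " " $3 "|" head[n] "|" tty "|" substr($0, c + 11)
    }'
}

# Count denied attempts per user: "user count", one per line.
denied_sudo_by_user() {
    denied_sudo_events | cut -d"|" -f2 | sort | uniq -c | awk '{ print $2, $1 }'
}

sample_auth_log | denied_sudo_by_user
```

Against a live system, replace sample_auth_log with sudo cat /var/log/auth.log.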

Comments on this entry are closed.

  • Oliver September 27, 2010, 1:05 am

    Great article, thanks! But shouldn’t that be “sudo apT-get install..” on Ubuntu in Paragraph 1? 🙂

  • Dmitri Minaev September 27, 2010, 1:44 am

    When sudo is used with I/O redirection (sudo ls >ls.txt), the system applies ‘sudo’ to the first command only, while the output is performed with the permissions of the current user. To redirect the output of the command using administrator’s permissions, pass the full command to the shell, executed with sudo:

    sudo sh -c "ls >ls.txt"

  • diptanu September 27, 2010, 4:25 am

    Hi,
    Is it possible to assign a specific user the sudo permission of a specific command (with specific switch options only)?
    Like, the user xyz should be able to execute kill -9 with sudo, i.e. the target is that the user xyz should be given sudo authority to kill a specific process with a specific trap only (siginit); then he should not be able to kill bash itself, like kill -9 1 (init). In that case, how to define the user config in the sudo file?
    Thanks for your help

  • Vagn Bjørno September 27, 2010, 4:36 am

    Thanks a lot – especially for 4 + 5 – those two are mistakes, that I make every so often, now I have a way to correct it – great

  • James McCluskey September 27, 2010, 7:01 am

    I enjoy your tips very much – keep up the good work.

    I used to get a print option which allowed me to save your articles in pdf format.
    I don’t seem to have that option any more.

    Any ideas?

    PS: My apologies if it’s something basic – I confess to being a bit of a novice.

  • T September 27, 2010, 10:24 am

    Great stuff as usual!

  • Jim Douglas September 27, 2010, 10:48 am

    sudo !! That’s great!!

  • Pete VM September 27, 2010, 12:22 pm

    Any user that is allowed unrestricted sudo access can become root by typing:
    sudo su -
    That’s why learning to restrict which commands users can run with sudo is very important.

  • John Ortiz September 28, 2010, 7:52 am

    Excellent guide. I use command lines frequently, and they are a powerful way to control the OS. Thanks!

  • Karthigayan October 18, 2010, 10:16 pm

    Nice and useful article.

  • pawan sirohi June 6, 2012, 10:22 am

    Excellent and useful complete way to control the operating system

  • Jan Drasnar August 29, 2012, 1:41 am

    Awesome help guides, thanks for posting.
    Cheers
    Jan

  • Anonymous December 8, 2012, 1:56 am

    I want to grant all sap users to sudo su - some accounts ?

  • Neha January 2, 2013, 12:23 am

    bash-3.00$ sudo passwd user9
    bash: sudo: command not found

    bash-3.00$ uname -a
    SunOS support 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Fire-V240
    bash-3.00$

    sudo package already installed. But still facing this issue.

    sudoers file entry:
    User_Alias RW = user1
    Cmnd_Alias PSWD = /usr/bin/passwd
    RW ALL= PSWD

    Please suggest.

  • Anonymous January 15, 2013, 7:36 am

    You are not using full path of command. try sudo /usr/bin/passwd user9
    #which passwd
    #/usr/bin/passwd

  • Biswajit July 20, 2013, 7:06 am

    Easy to understand and clearly described 🙂

  • abc September 25, 2014, 2:21 am

    Hi,
    Is it possible to assign a specific user the sudo permission of a specific command (with specific switch options only)?
    Like, the user xyz should be able to execute kill -9 with sudo, i.e. the target is that the user xyz should be given sudo authority to kill a specific process with a specific trap only (siginit); then he should not be able to kill bash itself, like kill -9 1 (init). In that case, how to define the user config in the sudo file?
    Thanks for your help

  • rajavel September 22, 2015, 3:15 am

    I have one common user (user1) #default login without password
    two admin users (admin1, admin2)
    1) user1 should be allowed to log in as admin1 and admin2 (with “su - admin1”, “su - admin2” command)
    2) only admin1 and admin2 should be allowed to log in as root (with “su - root” command)

    user1 ----> admin1 ------> root
    user11 -----> admin2 ------> root

    I want to trace which admin uses the root shell at which time…

  • anon February 5, 2016, 1:30 pm

    Instead of
    $ sudo vim

    try the newer and more secure, purpose-built sudoedit command in your sudoers file

    man sudoedit for info

  • sujith June 29, 2016, 4:59 am

    What is the difference between sudo -i and sudo -s ?

  • Ramaswawmy May 13, 2017, 11:13 pm

    Hi,

    What does it mean, if I give sudo privileges like %programmers ALL=(root) ALL