Skip to content

Latest commit

 

History

History
295 lines (192 loc) · 7.42 KB

Sudo-Command.md

File metadata and controls

295 lines (192 loc) · 7.42 KB

Understanding and Using the sudo Command in Linux

This guide provides an overview of the sudo command in Linux, explaining its purpose, how to install it if necessary, and how to use its various options to execute commands with elevated privileges.

Introduction to sudo

The sudo command allows a permitted user to execute a command as the superuser (root) or another user, as specified by the security policy. It is a fundamental tool for managing administrative tasks while minimizing security risks.

Availability of sudo on Different Linux Distributions

Client-Oriented Linux Distributions (Pre-configured sudo)

  • Examples: Ubuntu Desktop, Linux Mint, Fedora Workstation, openSUSE Leap.
  • Characteristics:
    • sudo is pre-installed and pre-configured for convenience.
    • An initial user is created and added to the sudo or wheel group during installation.
    • The /etc/sudoers file is configured to allow users in the sudo or wheel group to run all commands with sudo.
    • Password prompts and timeouts are set for security.

Server-Oriented Linux Distributions (sudo Not Pre-configured)

  • Examples: Ubuntu Server, Debian Server, CentOS, Red Hat Enterprise Linux (RHEL), Fedora Server.
  • Characteristics:
    • sudo is often not pre-installed or pre-configured.
    • Manual installation and configuration are required.
    • Provides enhanced security and customization options.

Installing sudo

Check if sudo is Installed

rpm -qa | grep sudo
  • If installed, you will see an output like sudo-1.9.5p2-10.el9.x86_64.

Install sudo (if not installed)

For RPM-based distributions (e.g., RHEL, CentOS):

yum install sudo

For DEB-based distributions (e.g., Debian, Ubuntu):

apt-get install sudo

Verify Installation

List all files provided by the sudo package:

rpm -ql sudo

View configuration files of sudo:

rpm -qc sudo

Sample Output:

/etc/dnf/protected.d/sudo.conf
/etc/pam.d/sudo
/etc/pam.d/sudo-i
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/sudoers

Using the sudo Command

Command Syntax

sudo [options] [command]

Common Options

Option Description Example Explanation
-l Lists allowed and forbidden commands for the user. sudo -l Shows commands the user can execute with sudo as per the sudoers configuration.
-u <user> Executes the command as a specified user (default: root). sudo -u john whoami Runs whoami as the user john.
-g <group> Executes the command with a specified group. sudo -g developers id Runs id with the group set to developers.
-i Starts an interactive shell as the specified user (or root). sudo -i Opens a root shell with the environment of the root user.
-s Starts a shell with the user's environment but with elevated privileges. sudo -s Opens a shell with the original user's environment variables.
-k Invalidates cached credentials, requiring password reauthentication. sudo -k Ensures the next sudo command requires authentication.
-b Runs the command in the background. sudo -b sleep 60 Executes sleep 60 in the background with elevated privileges.
-E Preserves the user's environment variables when running the command. sudo -E env | grep HOME Displays the HOME environment variable of the original user.
-- Stops processing options for sudo and treats subsequent arguments as part of the command. sudo -- ls --color=auto Ensures --color=auto is passed to ls.
--help Displays help information for sudo and its options. sudo --help Shows a brief summary of sudo usage and available options.
--version Displays the version information of sudo. sudo --version Outputs the current version of the sudo package.

Detailed Explanation of Options

1. List Allowed and Forbidden Commands: -l or --list

sudo -l
  • Description: Displays the commands the user is allowed (or not allowed) to execute with sudo.
  • Use Case: Verify your sudo privileges.

2. Execute Command as Another User: -u <user>

sudo -u john whoami
  • Description: Runs whoami as the user john.
  • Default: If -u is not specified, sudo runs the command as root.

3. Execute Command with Another Group: -g <group>

sudo -g developers id
  • Description: Runs id with the group set to developers.

4. Start an Interactive Shell as Another User: -i

sudo -i
  • Description: Opens a login shell as root, loading root's environment.

5. Start a Shell with Current User's Environment: -s

sudo -s
  • Description: Opens a shell with the current user's environment but with elevated privileges.

6. Invalidate Cached Credentials: -k

sudo -k
  • Description: Forces sudo to forget the user's cached credentials, requiring reauthentication next time.

7. Run Command in the Background: -b

sudo -b sleep 60
  • Description: Executes sleep 60 in the background with elevated privileges.

8. Preserve Environment Variables: -E

sudo -E env | grep HOME
  • Description: Retains the user's environment when running the command.

9. Stop Processing Options: --

sudo -- ls --color=auto
  • Description: Ensures that options after -- are passed to the command, not interpreted by sudo.

10. Display Help Information: --help

sudo --help
  • Description: Shows available options and usage information for sudo.

Common Usage Examples

1. Running a Single Command as root

sudo apt-get update
  • Explanation: Updates package lists as the root user.

2. Editing a System File

sudo nano /etc/hosts
  • Explanation: Opens /etc/hosts for editing with elevated privileges.

3. Restarting a Service

sudo systemctl restart nginx
  • Explanation: Restarts the nginx service as root.

4. Viewing System Logs

sudo less /var/log/syslog
  • Explanation: Views the system log file with read privileges.

5. Adding a User to the sudo Group

sudo usermod -aG sudo username
  • Explanation: Adds username to the sudo group, granting sudo privileges.

Managing sudo Privileges

Checking sudo Privileges

sudo -l
  • Description: Lists the commands you are permitted to run with sudo.

Sample Output:

Matching Defaults entries for alice on this host:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User alice may run the following commands on this host:
    (ALL) ALL

Running Commands as Another User

sudo -u user1 id
  • Description: Runs the id command as user1.

Running Commands with a Specific Group

sudo -g hr id
  • Description: Runs the id command with the group set to hr.

Starting a Shell as Another User

sudo -u user1 -s /bin/bash
  • Description: Starts a bash shell as user1.

Files Related to sudo

  • Configuration Files:

    • /etc/sudoers: Main configuration file for sudo.
    • /etc/sudoers.d/: Directory for additional sudo configuration files.

  • Log Files:

    • /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS): Logs sudo usage and authentication attempts.