Consider the above comic from the excellent XKCD webcomic. The lazy fellow in the chair wants their friend to make them a sandwich, but they lack the authority to make them do it. That is, until he invokes the mighty sudo command. After which, a sandwich will be made one way or another. 

While trying sudo on a person in real life probably won’t be as effective, it’s the magic command that gets past every roadblock in the world of Linux. What is sudo? Why does it even exist? The answer lies in how Linux handles permissions.

Table of Contents
    This cartoon is Creative Commons Attribution-Noncommercial by XKCD

    Understanding Linux User Permissions

    Linux is considered a secure operating system due to how it handles permissions. While operating systems such as macOS (which shared an ancestor with Linux) and Windows are now more like Linux in this regard, the Open Source operating system is still somewhat unique.

    Understanding how Linux handles permissions makes it a lot easier to get your head around the sudo command. All modern operating systems have an “administrator” or “root” user permissions level. If you have an admin or root account, you can change any setting, delete any data and generally do whatever you like with the computer. 

    That includes things that you probably shouldn’t do that can lead to data loss or the need for a complete wipe and reinstallation.

    Linux doesn’t make root user level permissions the default. Instead, your account can’t get at the really sensitive parts of the system without elevating your permission level. That means the system will ask you to enter the administrator password when you want to do something out of the ordinary using a graphical interface. 

    However, when you want to use the Terminal command line to get things done, sudo is the safest and most efficient way to go about it.

    Sudo and the Terminal

    There are two ways to give yourself elevated permissions in Linux. One is to log in as the root user permanently. The problem with this is that anyone else who may access the computer can wreak havoc, and even you can do it by accident. Sudo elevates your permissions only for a short time to execute the specific commands that follow it.

    Sudo Syntax

    Sudo’s syntax (the command’s format) is simple. Simply type “sudo” followed by the command you want to execute.

    For example, “sudo apt-get update” will update all of the app repositories listed in the relevant file. If you tried to run it without sudo, you’d get an error message telling you that you don’t have permission. Incidentally, this is generally the first sudo command you’ll want to run after a fresh installation of your favorite Linux distro. 

    The “Su” in Sudo

    The “su” in sudo is short for “superuser” and it is a standalone command. The “su” command lets you change which user’s privileges sudo elevates you to. 

    Although sudo elevates you to root temporarily, su changes you to another user with suitable privileges. That may seem like an unimportant distinction, but there are good reasons to change the account that sudo elevates a user to. 

    First of all, changing the account means that regular users don’t know the root password. Second, there’s a log of all sudo commands, which means that the system administrator (root) can look up who issued su commands.

    The syntax for su is essentially the same as sudo:

    Su USERNAME -c COMMAND

    Replace USERNAME with the desired user to run the command and COMMAND with the Linux command you want to execute.

    If you want to run multiple commands as another user, simply use:

    Su USER

    Replace USER with the desired user account identity.

    If you use su by itself, Linux will switch to the other user account until you use the command “exit.” It’s important to remember this or the next user to access the terminal in that session will still have elevated permissions. This is why it’s generally better to use sudo rather than su.

    The Sudo Time Limit

    The first time that you use a sudo command, you’ll have to enter a password. Then, that password will remain valid for 15 minutes. You can change this default by running the command sudo visudo and changing “timestamp_timeout=” to a longer or shorter value. However, we don’t recommend you do this unless you have a good reason to extend or shorten how long a sudo password remains valid.

    Sudo Option Switches

    Although the sudo syntax is simple, several switches are worth knowing about. These commands open up additional information or help you control the sudo session:

    • -h shows you syntax and command information for sudo.
    • -V displays the current version for sudo on your machine.
    • -v refreshes the sudo time limit, restarting the clock.
    • -l lists user privileges.
    • -k kills the current sudo session immediately, removing elevated privileges.

    There are many more options built into sudo, and you can see them all using the first -h switch listed above.

    The above screenshot is what results when you use the help option.

    Useful Sudo Commands

    So which commands empowered by sudo should every Linux user know? We’ve already covered sudo apt-get update, but take a note of these as well:

    • Sudo apt-get upgrade will upgrade all installed packages.
    • Sudo apt-get install <package-name> installs software of your choice; just change the package name to the one you want to install.
    • If you don’t know the package name, use dpkg –list.
    • If you want to remove an installed package from the terminal, use sudo apt-get remove <package-name (again substituting the specific package name in question).

    These are likely the first sudo commands you’ll have to use, but as you’ve learned above any command can follow sudo, but you should only use ones that need higher privileges with it.