sudo is the command that takes care of everything. It literally means "super user do!" (super user do!) It is one of the most essential commands for Linux system administrators or advanced users. Have you ever had the experience of trying to run a command in the terminal and getting "Access Denied"? This is the command you need! But as the saying goes, with great power comes great responsibility! sudo is much better than logging in as root, or using the su "switch user" command. Read on to see what sudo can do for you!
sudo: what is it used for?
So, what can sudo actually do? If you prefix any Linux command with "sudo", it will run that command with elevated privileges. Elevated privileges are required to perform certain administrative tasks. One day, you might want to run a LAMP (Linux Apache MySQL PHP) server and edit the configuration files manually. You may also restart or reset the Apache web server or other service daemons. You even need elevated privileges to shut down or restart the computer. "Hey, who turned off this machine?"
If you're familiar with Windows, sudo is very similar to the Windows User Account Control (ACL) dialog that pops up when you try to do anything important, just not as friendly. In Windows, if you try to perform an administrative task, a dialog will ask you if you want to continue ("Are you sure you want to run the program you just clicked?") and then perform the task. On a Mac machine, a security dialog will pop up asking you to enter your password and click OK.
The Linux side is more dramatic. Without the proper permissions, some operations can appear rather bizarre. That important configuration file you're editing may not save its contents correctly. The program you installed may just refuse to run. That great piece of source code that you downloaded and wanted to compile won't compile. If you're unlucky, you might even see "Access Denied" or another error message. All of your worst fears come true, but all you have to do is ask for permission! That's why we should remember to request superuser privileges beforehand when doing things like:
sudo reboot
Take a look at this screenshot to see what would have happened if we didn't elevate our privileges with sudo first:
https://dn-linuxcn.qbox.me/data/attachment/album/201307/25/162208c5zxxlh5ltdbnlky.jpg
First, we try to reboot the system using the reboot command. The command doesn't mention: "must be superuser". Then, we tried rebooting with sudo. sudo requires you to provide the user password. Please note: it asks for your password, not the root password. Finally, we see the broadcast message that the system will now be rebooted. sudo is like a magic command that will issue magic instructions.
https://dn-linuxcn.qbox.me/data/attachment/album/201307/25/162208w2bcu5jb2pjb29q9.jpg
Why is sudo better than the other way around?
sudo is the best and safest way to escalate privileges. Let's look at another way to escalate privileges. As a switch user command, "su" will ask you for the root password and give you a superuser prompt, denoted by the # symbol. The # sign means "Danger! You are logged in as root!" The first command you issued may have completed successfully. But once you forget, you will continue to log in as root. If you make a typo, you're done! You wiped the entire hard drive, not the pirated mp3 file you downloaded. Your web server and home business are gone! In the case of sudo, you must type "sudo" before every command. Thus, you don't have to remember to switch back to regular user mode, which will lead to fewer accidents.
Suderos file
This file can be described as the basis of sudo. It controls who can use the sudo command to gain elevated privileges. It is usually located at /etc/sudoers. The most efficient and safe way to edit this file is to use the visudo command. This command will start the vi editor with elevated privileges so you can edit and save the file. It also puts a file lock on the sudoers file so that no one else can edit the file. Once you're done editing, it analyzes the file for simple errors. Editing sudo files is much safer than just using any old text editor.
This file contains many parameters. You can specify which users or which users can execute which commands. We're ready to give ourselves access to sudo by adding at the bottom:
username ALL=(ALL) ALL //Grant sudo access to user "username"
%wheel ALL=(ALL) ALL //Grant sudo access to all users belonging to the wheel user group
The specified username will now be able to use all root privileges. You can also allow a user or group of users to have sudo access only to specific services or servers in place of the ALL parameter, but that's another topic.
several options
As with any good command, there are a few great options to get sudo to do more things.
- sudo -b will run the command in the background. This is useful for commands that display a lot of real-time output.
- sudo -s will run the shell specified with elevated privileges, giving you the # prompt (don't forget to exit!)
- sudo su - will make you root and load your custom user environment variables.
Are you using it now?
sudo provides safe elevated privileges when we want to run important tasks. Among Ubuntu users, it is perhaps the most widely used and powerful command, as it has become the preferred method in the distro. Now that you have so much power, it's important to be safe when running commands! There is no su-undo undo command in the world!
Original: http://blog.linuxacademy.com/linux/linux-commands-for-beginners-sudo/
Translation: http://os.51cto.com/art/201307/404879.htm