
Sudo CLI fundamentals

There are quite a few situations in which it is necessary to elevate privileges and execute commands as root. Some we have already encountered, others we will get to know in future lessons:

  • Installing new programs
  • Navigating through someone else's directories
  • Changing permissions and owners of files that do not belong to the current user
  • Creating, editing, and deleting files in places where the current user does not have rights
  • Running programs that require elevated privileges

You can become another user directly in the system by using the su (substitute user, switch user) utility. This was once the main way, but it is now outdated and not recommended. You can read more about this in the article in the supplementary materials. The main way to elevate privileges in modern systems is the sudo utility (substitute user and do).

Using sudo is very easy: write it to the left of any other command and run the line. By default, sudo tries to elevate privileges to superuser:

# No rights to execute
touch /etc/myfile

touch: cannot touch '/etc/myfile': Permission denied

# With sudo everything works
sudo touch /etc/myfile

# You can see that the owner of the file is root
stat /etc/myfile

  File: '/etc/myfile'
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: ca01h/51713d    Inode: 2761        Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)

# No rights to delete
rm /etc/myfile

rm: remove write-protected regular empty file '/etc/myfile'? y
rm: cannot remove '/etc/myfile': Permission denied

# sudo helps again
sudo rm /etc/myfile

Depending on your system's sudo settings, this utility may ask for your login password or refuse to work at all, saying you have no right to use it. As a rule, in Ubuntu sudo asks for the password and remembers it for 5 minutes. During this period, you can use sudo without having to enter the password every time.

Sometimes it's necessary to execute a command as a user other than root. To do that, add the -u flag:

sudo -u nobody mkdir /tmp/test
# Directory created by nobody
stat /tmp/test

  File: '/tmp/test'
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: ca01h/51713d    Inode: 4577        Links: 2
Access: (0755/drwxr-xr-x)  Uid: (65534/  nobody)   Gid: (65534/ nogroup)

If the task is to perform a bunch of actions at once on behalf of another user, it's possible to start a new shell inside the current one (they say that we start a new session):

sudo -i
id

uid=0(root) gid=0(root) groups=0(root)

The main thing is not to forget to switch back after completing the necessary actions. To do this, type exit.

The pitfalls

Knowing about sudo plays a cruel trick on newbies. Every time they see "strange" errors, they do not try to figure out the cause, but rerun the command with sudo without parameters, i.e., simply run it as the superuser. This approach often works, but it creates more problems than it solves.

Running a command that creates files and directories under sudo makes the root user the owner of those files. From then on, any attempt to work with these files without sudo fails with a permission error. You may not even be working with these files directly: many programs access the file system in one way or another to read configuration and other files.

The right way out in each case is different. In some cases sudo is just what you need, but sometimes you need to change permissions (more on that in the next lesson) and sometimes you need to reinstall some part of the system.

The most general rule might be that everything in the user's private directories should belong to the user, not to the superuser. Anything that requires additional rights because it is in the system paths (outside the user's home directory) should instead be run with sudo (but this isn't necessary).

ls -la

# All the contents of the home directory belong to a single user.
# The user directory itself belongs to the user,
# and the parent directory belongs to the superuser
drwxr-xr-x+ 117 mokevnin  staff    3744 Feb 19 15:55 .
drwxr-xr-x    5 root      admin     160 Oct 12 19:15 ..
-r--------    1 mokevnin  staff       7 Nov 21  2017 .CFUserTextEncoding
-rw-r--r--@   1 mokevnin  staff   22532 Feb  8 00:04 .DS_Store
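
An added example, not part of the original lesson: a POSIX shell check for the ownership rule above, listing everything under a directory that does not belong to the expected user (for instance files left in a home directory by commands run with sudo). The function names and the script name are made up for this example.

```shell
#!/bin/sh
# Added example: find entries that are not owned by the expected user,
# e.g. files left in a home directory by commands run with sudo.
# Function names are made up for this example.

# list_foreign_owned DIR [OWNER]
# Prints one path per line. OWNER is a user name or numeric uid and
# defaults to the current user. -xdev keeps the search on one filesystem.
# find does not follow symlinks here, so a link is judged by its own owner.
list_foreign_owned() {
    dir=$1
    owner=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -xdev ! -user "$owner" -print
}

# count_foreign_owned DIR [OWNER]: number of such entries
count_foreign_owned() {
    list_foreign_owned "$@" | wc -l | tr -d ' '
}

# report_foreign_owned DIR [OWNER]
# Returns 0 when everything belongs to OWNER; otherwise shows owner,
# mode and path of each mismatch and returns 1.
# Assumes file names without newlines.
report_foreign_owned() {
    hits=$(list_foreign_owned "$@") || return
    if [ -z "$hits" ]; then
        echo "OK: no foreign-owned entries under $1"
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Usage: sh check_owner.sh "$HOME"
if [ "$#" -gt 0 ]; then
    report_foreign_owned "$@"
fi
```

A non-zero exit status means at least one entry has a different owner, so the check can be used in a script before deciding whether ownership needs to be repaired.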
