Sudo command on Linux (privilege scale) [Basic Guide]

The sudo command on Linux executes a given command as if it were another user. It is used on a daily basis in system administration tasks, mainly to scale root account privileges.

If the user who ran sudo is an ordinary user, they must know the password of the user who wishes to execute the command.

If the user who ran sudo is root, sudo will not ask for any user’s password, since root has superpowers.

Example:

# sudo -u uira /bin/mail uiraribeiro@terra.com.br 
Subject: test 
I am sending a message as if I were Professor Uira
. 

EOT

In this example, the root user is sending an email as if they were the user “uira”.

Note that if another user tries to make sudo run a program with another user’s permissions, sudo will request the user’s password:

Look @linux -7rxb: ~> sudo -u Carla /bin/mail Carla's password:

In this example, the user “uira” is trying to send an email as if they were the user “Carla”.

Sudo is useful when you want a process to run with a specific user, so that the file permissions are correct for the perfect functioning.

The su command

The su command executes the shell as if it were another user.

Example:

uira @linux -7rxb: ~> su - passwd

In this example, the user “uira” requests that the Shell run as the “root” user. In this way, the user “uira” will gain all superuser account permissions in the system.

The “- “signal causes the shell load scripts of the “root” account to be read, as if the “root” himself were logging into the system.

You can also specify a user to run the shell as if it were him:

# su uira -

In this example, the root user will run the shell as if they were the user “uira”.

On more secure systems, the “root” user is never allowed to enter the system directly. Thus, users must log in with their access accounts and, if necessary, must execute superuser commands using “sudo” or accessing the root account with “su”.

To log in as root, you can use the command:

$ su root -

In this case, you need to know the root user’s password.

For this reason, it is common when a user wants to gain root privileges, the command is used:

$ sudo su -

So, if your user is in the group that has permission to run sudo in the /etc/sudoers file, you only need to re-authenticate with your own password, not the root user’s password. This authentication is just to confirm that you are yourself. Depending on the configuration, even this authentication is not required.

The sudoedit command

The sudoedit command is useful for editing files with the permissions of another user, especially root.

There are two situations in which the use of Sudoedit is interesting:

The first is when the system administrator wishes to give permissions to a particular user to edit a file to which that user does not have writing permissions (w), and the administrator does not want to give the user full “sudo” permissions.

The trick is to create a group of users that can do Sudoedit with the groupadd command:

# groupadd gruposudoedit

And create a line in the /etc/sudoers file for the group, allowing the gruposudoedit group to execute the sudoedit command for the given file:

%gruposudoedit ALL = sudoedit /directory/file

Once this is done, any user who is part of the gruposudoedit group can edit the file with the sudoedit command:

$ sudoedit /directory/file

The second most common situation is that the administrator needs to edit a system file, especially the configuration files in the /etc. directory.

The administrator can use the “sudo vi” command to run the text editor “vi” as root, and edit the file:

$ sudo vi /etc/services

It turns out that in this way the “vi” will lose all the colored markings in the text:

The best thing to do in these cases is to use Sudoedit, since it edits the file, saves a temporary copy, and only then copies the temporary copy to the original file.