Linux Command Line: sudo

Most often used in Ubuntu-like distributions to allow a standard user to issue commands that would normally be run be run by the root user. By using sudo you can run tools like apt-get, Synaptic, iptables, Samba, Apache, etc.. Without the help of sudo, distributions such as Ubuntu would be crippled because you can not log in as the root user. Created by Bob Coggeshall and Cliff Spencer, sudo has been around since the '80s and is now maintained by Todd C. Miller and released under the BSD license. Although sudo can be set up on a system that doesn't traditionally require sudo (such as Fedora, Mandriva, and SuSE), it can be installed and used for security purposes. By employing sudo you can control which users, on a multi-user system, have access to administrative powers without handing out the root password.

When using a distribution that requires sudo to undertake any administrative tasks, the use of sudo is simple. Say you want to install Gnucash with apt-get. If you issue the command apt-get install gnucash you will see the error messages:

E: Could not open lock file /var/lib/dpkg/lock - open (13 Permission denied)

E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

The above simply means you do not have permission to do what you tried to do. Now if you prefaced the same command sudo like so: sudo apt-get install gnucash, you would see:

password:

Once you enter your user password the command would execute.

After this command is completed, if you wanted to issue another command requiring sudo you wouldn't have to enter the password a second time. This feature does time out after five minutes of inactivity.

Those of you who are accustomed to Fedora, Mandriva, and SuSE will notice that, by default, you can not successfully issue the su command to gain root access. In Ubuntu there is no root password set by default so you can not log in as root. This system is added for security reasons.

A nice feature of sudo is the "e" argument which is for "edit". If you need to edit a text file that requires root privileges you can do this in two ways. Let's use the Nano text editor and the httpd.conf file for examples.

sudo nano /etc/apache2/conf/httpd.conf

or

sudo -e /etc/apache2/conf/httpd.conf

Using the "e" argument automatically uses your default text editor to place you in sudoedit mode. You can get the same results by issuing the command:

sudoedit /etc/apache2/conf/httpd.conf

If you are migrating from a distribution that does not take advantage of sudo, it will take you a while to get used to typing "sudo". But the learning curve is worth it for the security using sudo brings. The sudo system is an outstanding way to allow users administrative privileges without fully comprising your system.