On every Linux system, there's a superuser account called Root. The superuser isn't intended to be used by a human day to day; rather, it's a tool that the system uses and that humans can use in order to perform administrative tasks like installing software, changing configurations and so on. On every system, Root has the user id of zero and is the only user created during default installation. Many installers will also prompt you to create a human or regular user during the setup process, however. While other user accounts have restrictions on them, Root does not.
Root can read any file in the system, regardless of permissions, and can make changes to the operation of the system. It's also the only user that can log in when the system is in emergency or rescue mode. While we can log in to the Root user directly, it's not a best practice. So instead, we can delegate the authority of the superuser to other users, for them to use temporarily when needed. This is done with a program called su-do or su-doh. There's some disagreement over how to say the name of this command and I want to talk about that for a moment. I and some other users prefer to say su-do, in part because the other pronunciation sounds like the English word, pseudo, which means false or not genuine.
In a sense, we are not being genuine when we use the superuser's privileges without actually logging in as Root. But the word, pseudo, shows up in other contexts on the Linux system as well, like the pseudo terminal that we use when logging in remotely. Or pseudo file systems like Proc and SCSI. So I prefer to think of sudo as a combination of the s-u, or su command, which is used to switch users, and the verb, do: switch user and do. Sudo. The software's referred to like this on the maintainer's web page at sudo.ws. Unfortunately, the creators of the sudo command didn't leave us a handy pronunciation guide in the documentation, but feel free to pronounce it however you prefer.
The list of users who are allowed to use superuser privileges is managed in the /etc/sudoers file. On different distros, this file can have some helpful comments or aliases defined. But the basic part of it is the section where users are granted access either by name, as we can see here with Root, or by group, as we can see in the sections down here, allowing users who are members of the admin and sudo groups to have superuser access. The ALL here in the first position means that a user or group has superuser access on all machines controlled by this file.
Machines can share a sudoers file, but most commonly you'll see ALL here, though it only refers to one machine. In the parentheses, we see the user and group that this user can emulate. In this case, any user and any group. And then the ALL at the end represents the fact that this user can use their superuser privilege to run any command. This can be limited to specific commands by listing them instead. To modify this file, we need to use the visudo command, which checks the syntax of the file before saving it, in order to catch misconfigurations that could prevent anyone from using superuser privileges.
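The entry format described above, as an added example that is not part of the original course: a small Python parser that splits each sudoers entry into the host, run-as and command fields and reports which entries grant unrestricted access. The sample file is constructed in the style of a stock Debian/Ubuntu sudoers file, the `deploy` entry is hypothetical, and only simple one-line entries are handled.

```python
import re

# Constructed sample; "deploy" is a hypothetical user limited to listed commands.
SAMPLE_SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl
Defaults env_reset
"""

# Layout: who  hosts=(runas_user:runas_group)  commands
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")

def parse_sudoers(text):
    """Return one dict per simple user specification line."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments/includes, Defaults lines and alias definitions.
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        if line.split()[0].endswith("_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        # With no parentheses, sudo runs the command as root.
        runas_user, _, runas_group = (m["runas"] or "root").partition(":")
        # Drop leading tags such as NOPASSWD: so "NOPASSWD: ALL" still reads as ALL.
        cmds = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())
                for c in m["cmds"].split(",")]
        rules.append({
            "who": m["who"],
            "is_group": m["who"].startswith("%"),  # %name means a group
            "hosts": m["hosts"],
            "runas_user": runas_user.strip(),
            "runas_group": runas_group.strip() or None,
            "commands": cmds,
        })
    return rules

def unrestricted(rules):
    """Names of users/groups whose entry allows any command (ALL)."""
    return [r["who"] for r in rules if "ALL" in r["commands"]]

if __name__ == "__main__":
    for rule in parse_sudoers(SAMPLE_SUDOERS):
        print(rule)
    print("Unrestricted:", unrestricted(parse_sudoers(SAMPLE_SUDOERS)))
```

Entries reported as unrestricted are the ones to review first when tightening a sudoers file down to specific commands.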
In order to use the superuser privileges, we have two primary options. We can use the sudo command in front of a command that we want to have run with superuser privileges, or we can use sudo itself with various options to switch into a superuser shell. As I did earlier, I can use sudo to use cat to look at the sudoers file. If I tried this just as a regular user, with just cat /etc/sudoers, I'm denied access. If I had a series of commands that I needed to take care of and I didn't want to type sudo in front of each one, I could use sudo to switch into a shell where I have superuser privileges.
Two common options for this usage of sudo are -i and -s. Sudo -i runs the target user's shell and -s runs the invoking user's shell. So if the target user, for example, Root, has their shell set to sh and my user shell is bash, the -i option will run the root shell with sh. And -s will run the root shell with bash. The -i option also changes into the target user's home directory, which can be useful. The sudo -l command shows what sudo privileges the current user has.
For example, my user here can run all commands on the system. The sudo -u command lets you specify a user to operate as. Without this option, it's assumed that you want to run a command as, or use the shell of, the Root user. But, if need be, someone with the correct sudo access can emulate a different user. This is the user and group specified in parentheses in the sudoers file. As you use sudo, logs are kept of commands run with superuser access. These entries can be viewed in the system log. When you use sudo for a command, a five-minute timer is created and for that period of time, you can use sudo again without typing your password.
The time is reset each time a command is used. To expire the timer when you're done using sudo, you can use the -k option. Then if you try to use sudo again, you'll be prompted for your password once more.