Bash Basics, Part 2: Root and Sudo Privileges
Let's unleash our inner command-line warriors and get ready to use sudo - the ultimate tool in our administration arsenal!
Woah, seems a bit soon to be using sudo, no? Well, if we are going to be real command-line warriors, we will undoubtedly need to get familiar with using it to get ahead.
`root` and the reason for `sudo`
Almost every desktop or server Linux system has a root user. In the computing world, this is called a superuser. Microsoft also calls this the Administrator. The superuser has full access to all files, folders, processes, and the entire system—think of it as a god mode. This is convenient for maintenance tasks for administrators but poses a security concern when placed into the wrong hands.
The UNIX developers back in the 80s [source] believed nobody should always have that much power, and rightfully so. Thus, the creation of sudo, which is an abbreviation of "superuser do."
So what does `sudo` do?
To simplify, running sudo allows an unprivileged user to become root for a moment. That way, the user can still have administrative rights to the system, and the root user can remain untouched. The "sudoer" will also have to enter their password when they invoke sudo. The sudoer is responsible for the commands they run.
To use it, type sudo followed by the command that needs to be run with higher privileges. Here are examples with output:
$ whoami
user
$ sudo whoami
[sudo] password for user: *****
root
whoami without and with sudo.
$ ls -A /root
ls: cannot open directory '/root': Permission denied
$ su -
su: Authentication failure
$ sudo su -
[sudo] password for user: *****
# whoami
root
# ls -A /root
.bash_history .bashrc .config secrets.txt
root user using sudo su - if you need to run multiple administrative commands in succession.
Don't forget that prompts that start with # are privileged, and prompts that start with $ are not.
When to use `sudo`
When installing or updating a package or program
Only the superuser can add or remove packages.
$ sudo apt install htop
$ sudo apt autoremove
The same goes for system upgrades.
$ sudo apt update
$ sudo apt upgrade
However, you won't need it to list and search for packages.
$ apt list --installed
$ apt list --upgradable
$ apt search mat2
When making changes to system files or services
Use it when modifying the system on a "broad scale," such as editing config files, managing services, reading logs, administrating users, and mounting or modifying disks.
$ sudo nano /etc/fstab
$ sudo service sshd restart
$ sudo dmesg | tail
$ sudo usermod -aG docker $USER
$ sudo mount /dev/sdb1 /mnt/mydisk
When changing the permissions or the owner of a file
Here is an example of changing the permissions and the owner of the file secrets.txt in a shared directory:
$ sudo chmod 700 /mnt/share/secrets.txt
$ sudo chown jacob:jacob /mnt/share/secrets.txt
When NOT to use `sudo`
When running a non-system-related program or when accessing the web
The superuser doesn't have to run the unprivileged user's applications if they don't require administrative rights. It's also best practice to download files from the internet only while unprivileged.
$ htop
$ hostname -I
$ date +%r
$ wget https://example.com
When reading and writing user-level files
It's not necessary to use sudo to edit any of the files in your home directory.
$ nano ~/.bashrc
$ cat ~/hello.txt
~ means the logged-in user's home directory.
When you are unsure of the danger of the command you are entering
This is the last but probably the most important point.
$ rm -rf /
Error: Permission denied
Any other tips?
Yes! If you need elevated privileges for the previously executed command, you can use sudo !!.
$ mkdir /mnt/data
mkdir: cannot create directory '/mnt/data': Permission denied
$ sudo !!
[sudo] password for user: *****
$ ls -F /mnt
data/
sudo !! is the same as running sudo mkdir /mnt/data.
Systems may require you to add the user to the sudo group, or be added to the "sudoers" file with visudo. Some distros, like Fedora, use a privileged group called wheel instead. Other distros and operating systems, like Gentoo and OpenBSD, use doas by default instead of sudo.
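To audit who holds sudo rights through group membership, here is an added example (not part of the original post) that reports which of the sudo and wheel groups list a given user. The function name privileged_groups and the sample group data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which privileged groups (sudo, wheel) list a user
# as a member, reading /etc/group-format data.
# Caveat: this only sees supplementary members (field 4). It does not see a
# user's primary group or rights granted per-user in the sudoers file.

# privileged_groups USER [GROUP_FILE]   (hypothetical helper name)
# Prints each matching group name on its own line; returns 1 if none match.
privileged_groups() {
    user=$1
    group_file=${2:-/etc/group}
    # /etc/group fields: name:password:GID:comma-separated-members
    awk -F: -v user="$user" '
        $1 == "sudo" || $1 == "wheel" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) { print $1; found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$group_file"
}

# Constructed sample data (not from a real system).
sample_groups=$(mktemp)
trap 'rm -f "$sample_groups"' EXIT
cat > "$sample_groups" <<'EOF'
root:x:0:
sudo:x:27:jacob,alice
wheel:x:10:alice
docker:x:999:jacob,bob
EOF

for u in jacob alice bob; do
    if groups_found=$(privileged_groups "$u" "$sample_groups"); then
        echo "$u: member of $(echo $groups_found | tr ' ' ',')"
    else
        echo "$u: not in sudo or wheel"
    fi
done
```

On a real system, call privileged_groups "$USER" with no second argument to read /etc/group, and run sudo -l to see what the sudoers policy actually allows for your account.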
Now, you should have a thorough understanding of superuser privileges inside a Linux system.
COMING SOON: Bash Basics, Part 3: Editing, Moving, and Deleting Files