A beginner's guide to understanding sudo on Ubuntu
Ever got a 'Permission denied' error while working on the linux command line? Chances are that you were trying to perform an operation that requires root permissions. For example, the following screenshot shows the error being thrown when Iwas trying to copy a binary file to one of the system directories:
So what's the solution to this problem? Simple, use the sudo command.
The user who is running the command will be prompted for their login password. Once the correct password is entered, the operation will be performed successfully.
While sudo is no doubt a must-know command for any and everyone who works on the command line in Linux, there are several other related (and in-depth) details that you should know in order to use the commandmore responsibly and effectively. And that's exactly what we'll be discussing here in this article.
But before we move ahead, it's worth mentioning that all the commands and instructions mentionedin this article have been tested on Ubuntu 14.04LTS with Bash shell version 4.3.11.What is sudo?
The sudo command, as most of you might already know, is used to execute a command with elevated privileges(usually as root). An example of this we've already discussed in the introduction section above. However, if you want, you can use sudo to execute command as some other (non-root) user.
This is achieved through the -u command line option the tool provides. For example, in the example shown below, I (himanshu) tried renaming a file in some other user's (howtoforge) home directory, but got a 'permission denied' error. And then I tried the same 'mv' command with 'sudo -u howtoforge,' the command was successful:
Can any user use sudo?
No. For a user to be able to use sudo, an entry corresponding to that user should be in the /etc/sudoers file. The following paragraph - taken from Ubuntu's website - should make it more clear:The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands. The file is composed of aliases (basically variables) and user specifications (which control who can run what).
If you are using Ubuntu, it's easy to make sure that a user can run the sudo command: all you have to do is to make that user account type 'administrator'. This can be done by heading to System Settings... -> User Accounts.
Unlocking the window:
Then selecting the user whose account type you want to change, and then changing the type to ' administrator'
However, if you aren't on Ubuntu, or your distribution doesn't provide this feature, you can manually edit the /etc/sudoers file to make the change. You'll be required to add the following line in that file:[user] ALL=(ALL:ALL) ALL Needless to say, [user] should be replaced by the user-nameof the accountyou're granting the sudo privilege. An important thing worth mentioning here is that the officially suggested method of editing this file is through the visudo command - all you have to do is to run the following command:
To give you an idea why exactly is that the case, here's an excerpt from the visudo manual:visudo edits the sudoers file in a safe fashion. visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
For more information on visudo, head here .What is a sudo session?
If you use the sudo command frequently, I am sure you'd have observed that afteryou successfully enter the password once, you can run multiple sudo commands without being prompted for the password. But after sometime, the sudo command asks for your password again.
This behavior has nothing to do with the number of sudo-powered commands you run, but instead depends on time. Yes, by default, sudo won't ask for password for 15 minutes after the user has entered it once. Post these 15 minutes, you'll be prompted for password again.
However, if you want, you can change this behavior. For this, open the /etc/sudoers file using the following command:
And then go to the line that reads:Defaults env_reset
and add the following variable (highlighted in bold below) at the end of the lineDefaults env_reset,timestamp_timeout=[new-value] The [new-value] field should be replaced by the number of minutes you want your sudo session to last. For example, I used the value 40.
In case you want to get prompted for password every time you use the sudo command, then in that case you can assign the value '0' to this variable. And for those of you who want that their sudo session should never time out, you can assign the value '-1'.
Please note that using timestamp_timeout with value '-1' is strongly discouraged.The sudo password
As you might have observed, whenever sudo prompts you for a password and you start entering it, nothing shows up - not even asterisks that's usually the norm. While that's not a big deal in general, some users may want to have the asterisks displayed for whatever reason.
The good thing is that's possible and pretty easy to do. All you have to do is to change the following line in /etc/sudoers file:Defaults env_reset
And save the file.
Now, whenever you'll type the sudo password, asterisk will show up.
Some important sudo command line options
Aside from the -u command line option (which we've already discussed at the beginning of this tutorial), there are some other important sudo command line options that deserve a mention. In this section, we will discuss some of those.The -k option
Consider a case where-in you've just run a sudo-powered command after entering your password. Now, as you already know, the sudo session remains active for 15-mins by default. Suppose during this session, you have to give someone access to your terminal, but you don't want them to be able to use sudo. What will you do?
Thankfully, there exists a command line option -k thatallows user to revoke sudo permission. Here's what the sudo man page has to say about this option:-k, --reset-timestamp
When used without a command, invalidates the user's cached credentials. In other words, the next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .
本文系统（linux）相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统
本文标题：A beginner's guide to understanding sudo on Ubuntu