How To Run Sudo Commands In Linux

Linux's "secure by design" philosophy places many constraints on the default permissions granted to every new user. Some of these precautions include disabling the ability to run commands with "sudo". Sudo is a special command that permits running admin level command without actually being root. Sometimes however, you need to let people run these commands for server maintenance etc. In this article, I show you how to do this and add users to something called the "sudoers" file.

Testing for Sudo Permissions

Before making any changes, you can first check to see whether you as a user already have sudo permissions by typing:

sudo -l

Type in your password and if you don't have sudo permissions, here's what you should see:

bhagwad cannot run sudo

The above command is to check if you yourself can run sudo. If you're root however, and want to check if a particular user has sudo, here's the command:

sudo -U [username] -l

Replace [username] with the name of the user whose permissions you want to check. If sudo permissions do not exist, you should see this:

Find out permissions as root

So once you've determined that a specific user can't run sudo, let's see now how to obtain that permission.

Using the "visudo" Tool

As with everything in Linux, we can make all the configuration changes via text files. And if we want, we can do the same here. However, this file is rather dangerous to edit manually like any other. The reason is that inconsistencies in this file can seriously mess things up. For example, you don't want multiple users to edit it simultaneously.

For this reason, there's a separate tool in Linux for handling the sudoers file called "visudo". This is just another version of the standard "vi" editing tool, but with some additional features. Its sole purpose is to edit the sudoers file and lock it against multiple editing attempts. Not only that, it performs some basic "sanity checks" and syntax verifications to prevent users from being locked out.

But Why is This File So Important?

Here's one scenario. One of the first security measures to harden a Linux server is to disable root logins. But before we do that, we must ensure that another user has the ability to run admin commands. If you omit this intermediate step, you'll suddenly be left in a situation where no one can run admin commands and you're locked out of root!

So visudo just ensures we didn't mess stuff up too badly with syntax errors and like.

Adding a Username to visudo

Open the sudoers file by typing:

visudo

Now scroll down all the way till you see this line:

"Allow root to run any commands anywhere"

You should find it somewhere towards the end of the file like this:

Lines to Allow Users to Run Sudo

It should have the line below it:

root ALL=(ALL) ALL

Now add the following line just below:

[username] ALL=(ALL) ALL

As before, replace [username] with the name of the user to whom you want to give sudo permissions.

Allow a Linux User to Run Sudo

Once done, save your changes.

Testing Sudo Permissions

To check if the changes have gone through, re-run the command in the first step. This time, you should see a different message:

Now User can Run Sudo Commands

As you can see in the screenshot above, I now have the ability to run sudo commands! We can now proceed to the next step of disabling root logins for security reasons. After that, we can also disable password based logins and enforce it SSH keys instead. But that's for another tutorial!

Was this answer helpful? 0 Users Found This Useful (0 Votes)