Quick take: The sudo command runs a single command with elevated (usually root) privileges: sudo apt update. Use sudo -i for a root shell and sudo -u user to run as a specific user. Permissions are defined in the sudoers file.
Introduction
The sudo command (superuser do) lets a permitted user run a command as root or another user, without logging in as that user. It is the cornerstone of safe Linux administration: instead of staying logged in as all-powerful root, you grant elevated rights only for the specific commands that need them.
This guide covers running commands as root and other users, getting a root shell, and editing the sudoers configuration safely.
Syntax
The basic syntax of the sudo command is:
sudo [OPTIONS] COMMANDGranting sudo Access Safely
Who may use sudo, and for what, is defined in /etc/sudoers and files under /etc/sudoers.d/. Never edit these with a plain editor — always use visudo, which validates the syntax before saving and prevents a mistake from locking everyone out of admin rights.
# Add a user to the sudo group (Ubuntu/Debian)
sudo usermod -aG sudo alice
# Grant a user one specific command without a password (via visudo)
alice ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginxThe least-privilege principle applies: grant the narrowest rights that get the job done, rather than blanket root access.
Common Options and Parameters
The most useful options and parameters for the sudo command:
| Option | Description |
|---|---|
| (default) | Run the command as root. |
| -u USER | Run the command as a specific user. |
| -i | Start an interactive login shell as the target user. |
| -s | Start a shell as root without a full login environment. |
| -l | List the commands the current user may run with sudo. |
| -k | Forget the cached credentials (require a password next time). |
| -v | Refresh the credential timestamp without running a command. |
Practical Examples
Real sudo commands you can run today:
# Run a command as root
sudo apt update
# Rerun the previous command with sudo
sudo !!
# Open a root shell
sudo -i
# Run a command as another user
sudo -u www-data php artisan queue:work
# See what you are allowed to run
sudo -l
# Edit the sudoers file safely
sudo visudoTips and Best Practices
sudo !!reruns your last command with sudo — the classic fix right after a “permission denied”.- Prefer
sudo commandover a permanent root shell so each elevated action is deliberate and logged. - Always use
visudoto edit sudoers; a syntax error edited directly can lock you out of sudo entirely.
Final Thoughts
sudo is what makes day-to-day Linux administration both possible and safe — elevating privileges only for the command that needs them, with every use logged. Learn -i for a root shell, -u to act as another user, and always edit sudoers with visudo. Used with the least-privilege mindset, it keeps systems secure and auditable.
FAQ: sudo Command in Linux
How do I run a command as root with sudo?+
Prefix the command with sudo, for example sudo apt update. You will be asked for your own password, and the command runs with root privileges.
What is the difference between sudo -i and sudo -s?+
sudo -i starts a full root login shell with root's environment, as if you logged in as root. sudo -s starts a root shell but keeps your current environment. Use -i for a clean root session.
How do I give a user sudo access?+
On Ubuntu, add them to the sudo group: sudo usermod -aG sudo username. They must log out and back in for the change to take effect.
How do I edit the sudoers file?+
Always use sudo visudo, which checks the syntax before saving. Editing /etc/sudoers directly risks a typo that locks everyone out of sudo.
How do I run a command as a different user?+
Use -u: sudo -u www-data command runs it as the www-data user. This is common for executing web-application tasks as the correct service account.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support