What Is Sudo in Linux?

The sudo command gives some admin privileges to non-admin users

IT Professional
  GodfriedEdelman/Getty Images 

When you run administrative applications in Linux, you can use the su ("switch user") command to switch to the superuser (root), or you can use the sudo ("super user do") command.

One way to know when to use the sudo command is if you're trying to run commands in terminal only to be met with "access denied" or "operation requires superuser privilege" errors. These errors might occur if the Linux distribution – like Ubuntu – doesn't enable the use of the root user. Once you use the sudo command, that specific command can be run with elevated rights.

However, if you opt instead to use the su command, you're switching the whole user over to root, meaning that even after the first command, every subsequent one is also run with root credentials. This makes it really easy to accidentally run elevated commands, which could do lots of damage if you aren't careful.

To restate: sudo works only for each command that starts off as "sudo," while su enables every command in that prompt to run as superuser without the need to type sudo or su before each one.

How It Works

Although they work differently, you can compare the sudo command to the prompt you might see in Windows or macOS. When asked in those operating systems if you want to continue performing that specific action, you're met with a button that has you confirm that you want to run the action with elevated privilege, and at times you might even have to enter an admin's password.

Much like in those operating systems, Linux uses the sudo command as a wall between normal tasks and admin ones, so that you have to confirm for sure that you want to do whatever it is that the command will execute. Even more similar is the runas command in Windows; like in Linux, the runas command works from the command line to launch a file with credentials from a certain user, often an admin.

Tip: If you're not sure if you're using sudo or su, look at the trailing character on the command line. If it's a pound sign (#), you're logged in as root.

About the Sudo Command

In Linux, sudo (pronounced "sue dough") allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. However, it's not a replacement for the shell.

When you put "sudo" in front of any command in terminal, the following is run with elevated privileges, which is why it's the solution to privilege related errors. It's required if you're wanting to run commands that are considered administrative tasks.

Sudo operates on a per-command basis. Features include the ability to restrict the commands a user can run on a per-host basis, copious logging of each command to provide a clear audit trail of who did what, a configurable timeout of the sudo command, and the ability to use the same configuration file on many different machines.

Sudo Command Example

A standard user without administrative privileges might enter a command in Linux to install a piece of software:

Screenshot of a superuser error in Ubuntu
dpkg -i software.deb

The command returns an error because a person without administrative privileges isn't allowed to install software. However, the sudo command comes to the rescue. Instead, the correct command for this user is:

Screenshot of the sudo dpkg command in Ubuntu
sudo dpkg -i software.deb

This time the software installs. This assumes that a person with administrative privileges has previously configured Linux to allow the user to install software or, if prompted with a password, that the password was entered correctly.

Note: You can also configure Linux to prevent some users from being able to use the sudo command.