Did you ever get an "access Denied (Permission denied)" error when using the Linux command line? This may be because you are trying to perform an operation that requires root permissions. For example, the following shows an error that occurs when I try to copy a binary file into a system directory.
Shell denial of access
So how do you solve this error? Very simple, use the sudo command.
Run the command with sudo
Users are prompted to enter their (own) login password after running this command. Once the correct password is entered, the operation will be executed successfully.
There is no doubt that Sudo is a command that anyone using the command line on Linux must know. However, to be more responsible and efficient with this command, you need to know some of the relevant (and in-depth) details. That's exactly what we're going to discuss in this post.
Before we go on, it is worth mentioning that all the command instructions mentioned in this article have been tested under the Ubuntu 14.04 LTS 4.3. Version 11 Bash.
what is sudo
As most of you know, sudo is used to execute commands that require elevated privileges (usually as root). An example of this has been discussed in the introductory section before this article. However, if you want, you can use sudo to run commands with other (non-root) users.
This is implemented by the-u command-line option provided by the tool. For example, as shown in the following example, I (Himanshu) tried to rename a file in the Home directory of another user (Howtoforge), but got an "access Denied" error. Then I added Sudo-u howtoforge and with the same "MV" command, the command was executed successfully:
What is sudo
can anyone use sudo ?
No. For a user to be able to use sudo, there should be a message in the/etc/sudoers file that is relevant to that user. The following excerpt from the Ubuntu Web site can be more clearly explained:
The/etc/sudoers file controls who can run what commands on which machine, and can control special situations, such as whether a password is required for a particular command. This file consists of the alias aliases (the basic variable) and the user ID specifications, which controls who can run what command.
If you're using Ubuntu, it's easy for a user to run the sudo command: all you have to do is change the account type to admin administrator. This can be done directly in the user accounts of the system setup, Settings-users account.
sudo user
First unlock the window:
Unlocking window
Then select the user you want to change the user type to, and then change the type to admin administrator.
Choose sudo accounts
However, if you do not use Ubuntu, or if your distribution does not provide this feature, you can manually edit the/etc/sudoers file to achieve this change. To add such a line to a file:
[User] All= (All:all) all
Needless to be mentioned, [user] should be replaced with the username of the user who you want to elevate sudo permissions to. One important thing to mention here is that the official proposal is to edit the file with the Visudo command-all you have to do is run the following command:
sudo visudo
To clarify what is going on, here's a summary from the Visudo Handbook:
Visudo Edit the Sudoers file in a secure mode. Visudo locks the sudoers file to prevent multiple edits from taking place, providing basic checks (sanity checks) and syntax error checking. If the sudoers file is now being edited, you will receive a message prompting you to try again later.
For more information about Visudo, go here.
what is a sudo session
If you frequently use the sudo command, you must have noticed that once you have successfully entered the password, you can run the sudo command several times without entering the password. But after a while, the sudo command will ask for your password again.
This behavior has nothing to do with the number of Sudo commands and is related to time. Yes, sudo does not require a password again for 15 minutes after entering the password once. After 15 minutes, you will be asked to enter your password again.
However, if you want to, you can change this phenomenon. Open the/etc/sudoers file with the following command:
sudo visudo
Find this line:
Defaults Env_reset
Env_reset
Then add the following variables at the end of this line:
Defaults Env_reset,timestamp_timeout=[new-value]
[New-value] is the number of times that you want sudo sessions to persist. For example, set the value to 40.
sudo timeout value
If you want to require a password every time you use the sudo command, you can assign this variable to a value of 0. If you want the sudo session to never be obsolete, you should assign a value of-1.
Note that assigning the value of Timestamp_timeout to "1" is strongly deprecated.
sudo password
You may have noticed that when Sudo asks for a password and then you start typing, it doesn't show anything-even the regular asterisk. While this is not a big problem, some users just want to show asterisks.
The good news is that it's possible and easy to do. All you need to do is to put the following line in the/etc/sudoers file:
Defaults Env_reset
Change into
Defaults Env_reset,pwfeedback
Then save the file.
Now, whenever you enter the sudo password, the asterisk will be displayed.
Hide the sudo password
some important sudo command-line arguments
In addition to the-u command-line arguments (which we have discussed at the beginning of this tutorial), there are other important sudo command-line parameters to note. In this section, we will discuss some of them.
-
k parameter
Consider this scenario: After entering the password you have just run a few sudo-driven commands. Now, as you know, the sudo session is kept for 15 minutes by default. Suppose you need someone to access your terminal during this session, but you don't want them to be able to use sudo, what will you do?
Fortunately, there is the-K command-line parameter that allows the user to remove sudo permissions. Here is an explanation for this on the Sudo help page (man page):
-K,--reset-timestamp
Revoke the user's cached credentials when used without any command. In other words, the next time you use sudo, you will be asked to enter your password. Using this parameter does not require a password or can be placed in a. logout file to revoke sudo permissions.
When combined with a command, or an operation that may require a password, this parameter causes sudo to ignore the cached credentials of the user. The result is that sudo requires a password (if this is required by the security policy) and does not update the user cached credentials.
-
s parameter
Sometimes your job requires you to run a bunch of commands that require root permissions, and you don't want to enter the password every time. You also don't want to adjust the expiration time limit for sudo sessions by changing the/etc/sudoers file.
In this case, you can use the-s parameter of sudo. Here's what the sudo help page explains:
-S,--shell
If the shell environment variable is set or the shell is specified by the calling user's password database, the shell is run. If a command is specified, the command passes the command to the shell through the shell's-c parameter. If no command is specified, an interactive shell is executed.
So, basically this command parameter is done by:
Start a new shell-as for which shell, refer to the Shell environment variable assignment. If the $SHELL is empty, the SHELL defined in/etc/passwd will be used.
If you pass a command name with the-s parameter (for example, Sudo-s whoami), the sudo/bin/bash-c WhoAmI is actually executed.
If you are not trying to execute other commands (that is, you are just running sudo-s), you will get a root-privileged interactive shell.
Keep in mind that the-s command-line argument gives you a root-privileged shell, but that's not the root environment-or your own. BASHRC. For example, in a new shell run by sudo-s, executing the whoami command will still return your user name, not root.
-I
parameter
The-i parameter is similar to the-s parameter we discussed. However, there is a little difference. An important difference is that-I gives you the root environment, which means that your (user's). BASHRC is ignored. This is like being able to root without explicitly logging in as root. In addition, you do not need to enter the root user password.
Important: Be aware that the SU command also allows you to switch users (by default, to root). This command requires you to enter the root password. To avoid this, you can use sudo to execute it (sudo su) so that you only need to enter your login password. However, there are implicit differences between Su and sudo su-to understand them, and the difference between them and sudo-i, see here.
Summary
I hope now that you know at least the basics of sudo and how to adjust the default behavior of sudo. Please try to adjust the/etc/sudoers as we have explained. Also explore the forum discussion to get a deeper understanding of the sudo command.
Sudo command: Troubleshoot errors that occur when you use Linux command lines