Author: Josh Amata
Last Updated: Tue, Nov 2, 2021
In this guide, you will learn about root access, the sudo command, how to run commands using sudo, and the differences between sudo access and root.
root refers to the superuser account in Unix-like systems such as Linux. It is a privileged account with the highest access rights on the system, used for system administration. This root/superuser account has a user identifier (UID) of zero, regardless of the name of the account.
The root user has full permissions (root privileges) to the entire system. It can do things like modifying core parts of the system, upgrading the system, changing system configuration, and starting, stopping, and restarting all running system services.
When logged in as root (using su -), the terminal command prompt symbol changes from
$ echo 'You are in a normal shell'
to
# echo 'This is a root shell'
On some systems like Ubuntu, the root user is locked by default.
The sudo (superuser do) command is a command-line utility that allows a user to execute commands as the root or a different user. It provides an efficient way to grant certain users the appropriate permissions to use specific system commands or run scripts as the root user.
Although a bit similar to the su command, sudo differs in that it asks for the invoking user's own password by default, rather than the target user's password that su requires. Unlike su, which spawns a root shell, sudo runs only the given program or command with elevated privileges.
With sudo, a system administrator can carry out the following actions:
Sudo logs every command and its arguments to the /var/log/auth.log file, which can be analyzed in the event something breaks.
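The log analysis mentioned above, as an added example that is not part of the original guide: a POSIX shell function that classifies sudo records from an auth.log-style stream. The function names sudo_events and sudo_alerts are hypothetical and the log lines are constructed samples; on a real host, pipe /var/log/auth.log into it instead.

```shell
#!/bin/sh
# Added example: summarise sudo events from an auth.log-style stream on stdin.
# Output columns (tab-separated): status, invoking user, run-as user, command.

# Constructed sample lines in the format sudo writes via syslog.
SAMPLE_LOG='Nov  2 10:15:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Nov  2 10:16:40 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/visudo
Nov  2 10:17:12 web01 sudo[2211]:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Nov  2 10:18:00 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Nov  2 10:19:30 web01 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=www-data ; COMMAND=/usr/bin/id'

sudo_events() {
  awk '
    # Only sudo records that name a command; PAM session lines are skipped.
    match($0, / sudo(\[[0-9]+\])?: /) && /COMMAND=/ {
      msg = substr($0, RSTART + RLENGTH)
      # Take the command from the raw text so " ; " inside arguments survives.
      cmd = substr(msg, index(msg, "COMMAND=") + 8)
      n = split(msg, f, " ; ")
      # f[1] is "<user> : <TTY=... on success, or the refusal reason>"
      sep = index(f[1], " : ")
      if (sep == 0) next
      user = substr(f[1], 1, sep - 1)
      gsub(/^ +| +$/, "", user)
      reason = substr(f[1], sep + 3)
      runas = "?"
      for (i = 2; i <= n; i++)
        if (f[i] ~ /^USER=/) { runas = substr(f[i], 6); break }
      if (reason ~ /^[A-Z_]+=/)               status = "OK"
      else if (reason ~ /incorrect password/) status = "AUTHFAIL"
      else                                    status = "DENIED"
      printf "%s\t%s\t%s\t%s\n", status, user, runas, cmd
    }'
}

# Refused or failed attempts are the lines worth alerting on.
sudo_alerts() { sudo_events | awk -F'\t' '$1 != "OK"'; }

printf '%s\n' "$SAMPLE_LOG" | sudo_alerts
```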
sudoers file
Sudo uses the default sudoers security policy and keeps a special configuration file, /etc/sudoers. This file can be used to control access rights and password prompt timeouts.
Note: You must have elevated privileges to view the sudoers file.
Open the /etc/sudoers file; it should look like this:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
The line:
root ALL=(ALL:ALL) ALL
means that the root user has unlimited privileges and is capable of running any command on the system. The line:
%sudo ALL=(ALL:ALL) ALL
allows all members of the group sudo to execute any command.
Note: '%' in the sudoers file represents a group.
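As you can see from the first line in the /etc/sudoers file:
# This file MUST be edited with the 'visudo' command as root
Do not attempt to edit the sudoers file directly. Use the visudo command with root privileges. visudo locks the file against simultaneous edits and checks the syntax before saving, so a typo cannot leave you with a broken sudoers file.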
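An added example, not from the original guide: a POSIX shell audit that reads sudoers rules of the shape explained above and marks each grant as any-command or scoped. The function name audit_sudoers and the deploy, monitor and ops entries are hypothetical; it handles simple one-line rules only, not aliases or line continuations.

```shell
#!/bin/sh
# Added example: list each grant in a sudoers file and mark how broad it is.
# Output columns (tab-separated): who, run-as, breadth, commands.

# Constructed sample: the first two rules are the ones shown on this page,
# the deploy/monitor/ops entries are hypothetical.
SAMPLE_SUDOERS='# User privilege specification
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) /usr/bin/systemctl restart nginx
monitor ALL=(root) NOPASSWD: /usr/bin/ss -tlnp
ops     ALL = (ALL) NOPASSWD: ALL
@includedir /etc/sudoers.d'

audit_sudoers() {
  awk '
    # Comments, blank lines, Defaults, includes and aliases grant nothing.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*(Defaults|@include|(User|Runas|Host|Cmnd)_Alias)/ { next }
    {
      # Rule shape: who host=(runas_user:runas_group) [TAG:] commands
      eq = index($0, "=")
      if (eq == 0) next
      who = $1
      rest = substr($0, eq + 1); sub(/^[ \t]+/, "", rest)
      runas = "root"                 # what sudo uses when no (runas) list is given
      if (substr(rest, 1, 1) == "(") {
        close_p = index(rest, ")")
        runas = substr(rest, 2, close_p - 2)
        rest = substr(rest, close_p + 1); sub(/^[ \t]+/, "", rest)
      }
      nopass = (rest ~ /NOPASSWD:/)
      cmds = rest
      gsub(/[A-Z_]+:[ \t]*/, "", cmds)     # drop tags such as NOPASSWD:
      sub(/[ \t]+$/, "", cmds)
      breadth = (cmds == "ALL") ? "any-command" : "scoped"
      if (nopass) breadth = breadth "+nopasswd"
      printf "%s\t%s\t%s\t%s\n", who, runas, breadth, cmds
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```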
To run a command with sudo, prepend the command with sudo:
$ sudo command
It will prompt you for a password. Enter your account password and press ENTER:
$ sudo command
[sudo] password for user:
Now, command is going to run with elevated privileges.
The principle of least privilege is an information and computer security concept: grant programs and users only the bare minimum privileges required to perform a task.
When logged in as root, every command entered into the terminal runs with the highest privileges on the system, which violates the principle of least privilege. A simple command like rm could delete core root-owned directories or files by mistake, without prompting the user. For instance, if you tried to delete a root-owned directory like /etc using:
$ rm -rf /etc
You will be denied permission as you are logged in as a normal user. When logged in as root, no prompts will be shown, and the entire folder will be deleted, which will most likely break your system, as the configuration files needed for running the system are stored in the /etc directory. You could also end up formatting a disk by mistake, and the system won't prompt you.
This risk also extends to running code or applications as root; a small bug in the application could erase some system files because the application is running with the highest privileges.
Sudo provides fine-grained access control. It grants elevated permissions to only a particular program that requires it. You know which program is running with elevated privileges, rather than working with a root shell (running every command with root privileges).
Sudo can also be configured to run commands as another user, specify which users and groups are allowed to run commands using sudo, or set timeouts for running programs with root privileges by editing your sudoers file.
Consequently, running commands with the root shell is not advised as the chances of you breaking your system are much higher. If you require higher or root privileges to run a command, use sudo to be sure only that command is running with root privileges.
In this guide, you have learned about root, sudo, and the drawbacks that come with running commands directly in the root shell. For more information, check out the sudo man page.
You can learn more about how to use sudo at Vultr in our documentation library.