I’ve recently been working with some new tools that require a bit of local configuration, which means I’ve been running into a lot of tutorials and Stack Overflow responses that suggest using commands that start with sudo. As much as I love blindly copying and pasting commands into my terminal, I felt it appropriate to do a bit of research and try to understand some of what was going on. So let’s ask ourselves: what is sudo?
Unix-like OS
To start, sudo is related to the concept of Unix-like operating systems. According to computerhope.com, these systems share the following characteristics:
- Supporting multiple users
- Strict segregation between kernel and user processes
- Preemptive multitasking
- A hierarchical file system
Some of these qualities require additional background to really understand, but when examining sudo, we can focus mainly on the first: supporting multiple users.
Superuser
The concept of multiple users might harken back to the days of the family desktop, where different users each want unique desktop backgrounds or to save word documents that others shouldn’t be able to access. So I was confused when I would run commands on my personal laptop, where I imagine myself as the one and only user and the owner of the machine, and received the feedback that user does not have access privileges.
My research helped me realize that Unix’s multiple users are not designed to protect Microsoft Word journal entries from Mom’s prying eyes, but to protect our computer’s very configuration from being unwittingly altered. Even if you are the only person who ever uses your computer, if it is Unix-like, there will always be one other user: the superuser.
This role might go by a different name, depending on your OS. It has been called root, administrator, admin, and supervisor, but it always has the same role. The superuser can act as system administrator and make changes that normally couldn’t or shouldn’t be made. This might include installing programs, moving folders, or updating system settings and controls. By appending sudo before a command, we are taking the role of the superuser and giving that command with additional authority. Sudo stands for super user do (or substitute user do, depending on how exactly you’re using it).
How does it work?
Our operating system should contain a file, /etc/sudoers, that dictates which users have permission to invoke sudo. If you’re curious and would like to follow along at home, be very careful — changing the configuration of this file could damage your installation. That is to say…we don’t want to play with the configuration. For reference, I’m running on macOS Catalina, so the process might work slightly differently if you’re working on a different environment.
As you might imagine, even accessing this file requires superuser permissions. You can find it using the command sudo nano /etc/sudoers, which will prompt you to add your user account’s password. If it worked, you should see a screen like this in your terminal:
To navigate around the file, simply use the up and down arrows. If at any point you are asked if you would like to save changes, the answer is…NO.
Our sudo permissions are contained in lines of text near the bottom of the file:
We see a description of these settings as a comment: “root and users in group wheel can run anything on any machine as any user.” That’s what all the ALLs mean. Specifically:
root ALL = (ALL) ALL means that the root user (aka superuser) has full permissions to execute any command. When we use sudo, we are invoking this power.
%admin ALL = (ALL) ALL means that any user within the admin group (% indicates a group) has the same privileges as a root user. By default, all users are in the admin group.
On my machine, every user has permission to use sudo and sudo will allow them to execute any command. If I wanted to limit this, however, I could add a line to my /etc/sudoers file that gives a specific user a specific permission. If I removed or commented out %admin, which currently encompasses all users, I’d be left with whatever user I had declared. I didn’t make this change in my own file, but theoretically it could look like this:
root ALL = (ALL) ALL# %admin ALL = (ALL) ALLmike ALL = (ALL) ALL
If you’d like to learn more about customizing your /etc/sudoers file, check out the Hostinger and linux.com links I’ve listed at the bottom of this post.
What about su?
The su command, which stands for substitute user, is similar to sudo, but instead of gaining superuser access, su can grant access and permissions belonging to any other user. It accepts an argument that determines which user we would to substitute, but if that argument is not provided, it defaults to the superuser. It can therefore be used in place of sudo, but works slightly differently.
Sources:
Please consult these sources to learn more about sudo, its origins, and its capabilities. It’s exciting to think that, with a simple command, we can all become superusers!