Linux System Administrator su and sudo commands explained
The person assigned to handle and manage all Linux system resources is known as system administrator. In order to make administrative changes in a Linux system you need to be a root user or acquire temporary root privilege for any command you execute. This can be accomplished by using the sudo command.
It's not recommended to login into a Linux system as a root user. If you are a Linux system administrator you are advised to login into the system as a regular user and ask for root user privilege when you need them. This can be accomplished by these two commands: su command and sudo command.
Su Command: This command can be used to login a regular user as a root user. When this command is used without any argument, it will try to login as root user and prompt the user to enter a root user password. Also this command can be used to login in the system as other users of the system, if you are currently logged in as root user you can switch to any user of the system by using this command. Example su - gmuser. This command will try to login in the system as the user gmuser. If you are currently logged in as root user you will be prompted to enter gmuser password.
Sudo command: This command can be used to execute root user privileged commands without being in as a root user. We can execute any root user command while logged in as a regular user in the system. Example, you cannot list root directory contents if you are logged in the system as a regular user, you need to be a root user to list root directory contents. But we can use sudo to list root directory contents while we are logged in as regular user: sudo ls -l /root. After executing this command we will be prompted to enter root user password. After running that one command with sudo, the user is immediately returned to a shell and acts as the regular user again.
Linux Graphical administrative tools
In older Linux systems many administrative tasks require the knowledge of Linux command line interface, because many tasks can only be accomplished via command line. But now new Linux systems provide graphical tools that can perform some of administrative tasks. Many of these tools stills require the user to be a root user in order to run them. When starting these tools as a regular user you will be prompted to enter root user password.
Many of these tools starts with system-config-*. Example, you can change system data and time via a graphical tool. To start running this tool we execute this command system-config-date, or to configure network we can execute system-config-network.
Most of these tools are available in Fedora and RedHat Linux Distros.
- system-config-network: this is the tool for managing network interfaces and connection.
- system-config-data: this is the tool for managing system date and time.
- system-config-users: this is the tool for add, delete, modify and change users in the Linux system.
- system-config-language: this is the tool for managing system language.
- system-config-httpd: this is the tool for managing Apache web server in the system.
- system-config-firewall: this is the tool for managing firewall configurations in the system.
- system-config-rootpassword: this is the tool for managing root user password, this tool can be used to change root user password.
- system-config-kickstart: this tool can be used to create a kickstart configuration file that can be used to install Linux systems without user interaction.
- gnome-disks: this is the tool that can be used to manage disks that are installed in the system.
- system-config-samba: this tool can be used to configure samba nfs server.
- system-config-nfs: this tool can be used to configure nfs server.
Sudo command in more details
Not every user in the system can use sudo command to execute root user privileged commands. In order for regular user to use sudo command he/she need to be included in the sudoers file. sudoers file contains information about which commands can user execute with sudo command and which password to use.
Benefits of using sudoers to give regular user root privilege to certain commands.
- Assign root privilege for any command they run with sudo
- Assign root privilege for a select set of commands.
- Given users root privilege without telling them the root password, because they only have to provide their own password to gain root privilege.
- Allows users, if you choose, to run sudo command without entering a password at all.
- Track which users have run administrative commands on your system.
To give a regular user access to sudo command, first we need to include that user into sudoers file. The sudoers file is located in the Linux system in /etc/sudoers and we can open it with a normal text editor like nano or vim. But it's not recommended because sudoers require to be written in a valid syntax in order for it to work. The recommended way to edit the sudoers file is to use the visudo command. This command will open special text editor that is designed to edit sudoers file. This editor will validate sudoers file before saving it. In order to run visudo command you need to be a root user.
Sudoers file syntax and examples
Suddoers file require a certain syntax in order for it to be valid. This is the syntax that is required when you add a new user into sudoers file:
- USERNAME MACHINE = COMMANDS
Example: to add user gm in sudoers file we use this command.
- gm ALL=(ALL) ALL
This command will allow the user GM to execute any command as root user as long as he provide his account logged in password when he use sudo command.
Read more about sudoers syntax and how to edit it.