Beginning a journey into Linux can be somewhat confusing. There are plenty of new features and terms being thrown at you that you’ve likely never heard before. Two such terms are Root and Sudo.
What is Sudo and Root? These two terms are among some of the most important you’ll expect to find when it comes to the more popular Linux distributions. Of course, understanding what they are and their use is of paramount importance.
Whether you’re an actual beginner jumping into Linux for the first time or a returning user that needs a refresher, we intend to get you started on the right path. We’ll explain what exactly each of these is, how they’re used, and why they’re important.
What Is Sudo & Root On Linux? Why Are They Important?
Each of the two terms is primarily important to the access of certain permissions. The same permissions to be exact. Where they differ is how to go about that access.
We’ll first begin with Root, what it is and why it’s important.
What Is Root?
Root, often referred to as “Superuser” is a special directory represented by a forward slash (/). Root has access to all files and commands in any Unix-like operating system.
Not to be confused with the home directory of the root user which is represented as /root, Root (/) is the starting point for the entire directory, whose hierarchy is laid out similar to that of a tree, that all other directories branch out from.
Accessing Root Permissions
Those with the necessary permissions to access Root have special privileges that enable them to modify the system at will. These privileges also grant the ability to bestow other users with certain access permissions. Foolish and reckless use of such power can become catastrophic to the system. You could be looking at a complete and total system failure or, at the very least, a corrupt system.
This illustrates the importance of a system like Root. It pretty much is the system. Too much tampering may yield unfavorable results which is why Root should only really ever be used to enable other superuser privileges on certain accounts.
Using the visudo command to edit /etc/sudoers, you can provide minimal privileges to other account types, such as supervisor, where they can add new users and modify their accounts without the need to enter Root itself.
From here on out, these accounts will no longer have a need to access Root and can instead use the sudo command to perform user management tasks. Other tasks will still require superuser permissions that only the root user can provide. If you ever need to provide additional permissions you can repeat the steps above, provide them, and then use the exit command to immediately return to your current user account.
Avoid using Root to modify anything at an account level. Root should be reserved for system changes only. Aside from the root user, no other accounts should be allowed access. Add permissions based on needs to other users and groups so that they can access what is necessary via the sudo command.
What Is Sudo?
Sudo, which stands for “Super User DO,” is one of the most important commands in a Linux system administrator’s arsenal. It allows you to perform certain tasks without the need to be logged in as root, or using the Su (switch user) command.
The Importance Of Sudo
The Sudo command can help you get around the annoying “Access Denied” prompt that you may have run into when attempting to run something in the command terminal. Add the prefix sudo with any Linux command and it will run that specified command with elevated privileges, which are required to perform certain administrative tasks.
You may liken sudo to that of a lesser friendly version of the Windows User Account Control dialog that pops up whenever you attempt something important. You know, the one that asks if you wish to continue what you’re doing requires a click of YES or OK, and then moves forward with the request. Sudo is like that but a bit more dramatic in practice.
Without the proper permissions, things can get awkward really fast in Linux. Important files you thought you had saved, may not have saved correctly. Source code you attempt to compile, doesn’t. Perhaps a recently installed program will no longer run. Other times, you may just wind up with an “Access Denied” stamp preventing you from going any further. You could avoid all of this by first requesting permission using sudo as a prefix to your commands.
Something as simple as rebooting your system will require superuser privileges. If you were to enter reboot without sudo, you would receive an “Access Denied” prompt. Instead, in order to circumvent the annoying prompt, type in
sudo reboot
You should receive a very different prompt. One that lets you know that your system will now be rebooting.
After using sudo, it may require you to enter your account password. Ensure that you enter your account’s password and not that of the root user account. So long as the password is correct, the command should be pushed through.
Why is Sudo A Better Alternative to Root (/)
Using sudo is far safer for your system than going into root and attempting commands. You run a greater risk of messing something up while you’re in root, that to be able to perform elevated commands without the risk is a no brainer.
Sudo is also a better alternative to the switch user (Su) command. Su will request the root password and provide a superuser prompt in the form of a #. This # is to let you know that you are currently inside the root directory. At this point, you can perform all elevated commands. The problem occurs when you forget that you’re still in the root directory and start firing off commands that can alter your system. Even just a slip up in the command itself via typo could render devastating results.
Do yourself a favor and use sudo. Typos, a cat jumping on your lap, and even the wrath of God are less of a threat to your system. Sudo is also the most preferred way of doing things in the Ubuntu distribution. So, if this is the one you’re using, you should get well acquainted with the command.
Sudoers
We’ve already touched on this topic earlier but we never discussed exactly what it is. Sudoers is the file that holds control over which accounts have access to the sudo command. By default, you can find the file located within /etc/sudoers. You can edit this file safely via the visudo command, vi being the editor with elevated privileges.
Visudo will allow you to edit the sudoers file and save the changes. It will also lock the file, preventing anyone else from making changes to it. Once you’ve finished editing the file, errors will be parsed from the file prior to saving.
The sudoers file contains many different parameters where you can specify which users of which groups can perform specific commands. To provide a user with sudo command capabilities, enter the username followed by a space and the word ALL in all caps.
username ALL
The same thing can be done for groups by adding a % in front of the group name, followed by ALL in all caps.
%groupname ALL
Now the user(s) and group(s) you’ve granted sudo permissions to will have full root permissions.