Sudo Command in Linux: Run Commands as Root

The sudo command allows you to run programs as another user, by default the root user. You will use it whenever a task requires administrative privileges, such as managing packages, services, users, or system configuration files.

Using sudo instead of logging in as root is more secure because you can grant limited administrative privileges to individual users without them knowing the root password.

This guide explains how to use the sudo command on Linux, covering common options, sudoers configuration, and real-world examples.

Installing Sudo #

The sudo package is pre-installed on most Linux distributions.

To check whether sudo is installed on your system, run:

sudo --version

If sudo is not installed, you will see a sudo: command not found error. To install it, run the following commands as the root user.

Install Sudo on Ubuntu, Debian, and Derivatives #

apt install sudo

Install Sudo on Fedora, RHEL, and Derivatives #

dnf install sudo

Adding a User to Sudoers #

By default, on most Linux distributions, granting sudo access is as simple as adding the user to the sudo group defined in the sudoers file . Members of this group can run any command as root. The name of the group differs between distributions.

On Fedora, RHEL, and their derivatives, the sudo group is named wheel. To add the user to the group , run:

usermod -aG wheel username

On Ubuntu, Debian, and their derivatives, members of the sudo group are granted sudo access:

usermod -aG sudo username

The root user account in Ubuntu is disabled by default for security reasons, and users are encouraged to perform system administration tasks using sudo. The initial user created by the Ubuntu installer is already a member of the sudo group.

To allow a specific user to run only certain programs as sudo, add the user directly to the sudoers file instead of the group. Open the file with visudo:

sudo visudo

Then append the following line to allow the user linuxize to run only the mkdir command:

linuxize  ALL=(root) /usr/bin/mkdir

On most systems, visudo opens the /etc/sudoers file with the vim editor. If you do not have experience with vim, see our article on how to save a file and quit the vim editor .

You can also allow users to run sudo commands without entering a password :

linuxize  ALL=(ALL) NOPASSWD: ALL

How to Use sudo #

The general syntax for the sudo command is:

sudo [OPTION]... COMMAND

The sudo command has many options that control its behavior, but it is most commonly used in its basic form without any options.

To run a command as root, prefix it with sudo:

sudo command

Where command is the command you want to run with elevated privileges.

The first time you use sudo in a session, you will be prompted to enter your user password. Once authenticated, sudo reads /etc/sudoers to verify the user has permission, then executes the command as root.

For example, to list the contents of the /root directory:

sudo ls /root

[sudo] password for linuxize:
.  ..  .bashrc  .cache  .config  .local  .profile

Open a Root Shell #

Instead of prefixing every command with sudo, you can open an interactive root shell for an extended session.

The -i option starts a login shell as root, loading root’s environment, home directory, and shell configuration:

sudo -i

The -s option starts an interactive shell as root without running a login shell, keeping more of your current environment:

sudo -s

Use exit or press Ctrl+D to return to your normal user session.

List sudo Privileges #

To see what commands the current user is allowed to run with sudo, use the -l option:

sudo -l

Matching Defaults entries for linuxize on server:
    env_reset, mail_badpass, secure_path=...

User linuxize may run the following commands on server:
    (ALL : ALL) ALL

To list privileges for a specific user, pass the -U flag followed by the username:

sudo -l -U username

Password Timeout #

By default, sudo caches your credentials for a period defined in the sudoers file — typically 5 minutes on RHEL-based systems and 15 minutes on Ubuntu and Debian. After that period of inactivity, sudo will prompt for your password again.

To change the default timeout, open the sudoers file with visudo:

sudo visudo

Add the following line, replacing 10 with the desired timeout in minutes:

Defaults  timestamp_timeout=10

To set the timeout only for a specific user, use:

Defaults:user_name  timestamp_timeout=10

Invalidate the sudo Timestamp #

To manually clear the cached credentials and force sudo to prompt for a password on the next use, run:

sudo -k

This is useful when you finish a privileged session and want to require re-authentication immediately.

Run a Command as Another User #

There is a common misconception that sudo is used only to provide root privileges. You can use sudo to run a command as any user by passing the -u option.

In the following example, we are using sudo to run the whoami command as the user richard:

sudo -u richard whoami

The command prints the name of the user running it:

richard

How to Redirect with sudo #

If you try to redirect output to a file that your current user does not have write permission for, you will get a “Permission denied” error:

sudo echo "test" > /root/file.txt

bash: /root/file.txt: Permission denied

This happens because the shell processes the > redirection before invoking sudo, so the redirect runs as your regular user, not root.

One solution is to start a subshell as root using sudo sh -c:

sudo sh -c 'echo "test" > /root/file.txt'

Another option is to pipe the output to the tee command with sudo:

echo "test" | sudo tee /root/file.txt

Quick Reference #

Troubleshooting #

username is not in the sudoers file
The user has not been added to the sudoers group. Log in as root and run usermod -aG sudo username (Ubuntu/Debian) or usermod -aG wheel username (RHEL/Fedora), then log out and back in for the group change to take effect.

sudo: unable to resolve host hostname
The system hostname does not match an entry in /etc/hosts. Add an entry for your hostname in /etc/hosts (for example, 127.0.1.1 hostname on Ubuntu and Debian), then try again.

sudo: command not found after using sudo -i or sudo -s
The root shell may use a restricted PATH that does not include your command’s directory. Use the full path to the command (for example, /usr/local/bin/command), or run sudo env PATH="$PATH" command to preserve your current path.

FAQ #

What is the difference between sudo and su?
sudo runs a single command as another user (usually root) and requires your own password. su switches to another user account entirely and requires that user’s password. sudo is preferred for one-off privileged commands; su is used to fully switch user sessions.

How do I re-run the last command with sudo?
Use sudo !! — the !! expands to the last command in your shell history, and sudo runs it with elevated privileges.

How do I run sudo without entering a password?
Add a NOPASSWD rule in the sudoers file: linuxize ALL=(ALL) NOPASSWD: ALL. See our guide on running sudo without a password .

How long does sudo remember my password?
This depends on your distribution. Ubuntu and Debian default to 15 minutes; RHEL and Fedora default to 5 minutes. You can change this with Defaults timestamp_timeout=N in the sudoers file.

Conclusion #

The sudo command is an essential tool for Linux system administration. It lets you run commands with elevated privileges while keeping your system secure by avoiding direct root logins. Use sudo -l to inspect your privileges, sudo -i to open a root shell, and sudo -k to clear the credential cache when you are done.

If you have any questions, feel free to leave a comment below.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page