Linux Basics: Elevating Permissions and the sudo Mechanism

Introduction

In Linux systems, not all operations can be performed by regular users. Some critical operations (such as installing software, modifying system configurations, and managing services) require superuser (root) privileges.

However, operating directly as root is highly risky; a single mistake can lead to system failure.

Therefore, Linux provides a safer solution: sudo. With the sudo command, regular users can perform privileged operations within a controlled scope, ensuring both safety and flexibility.

1. Obtaining Superuser Access

The highest privilege account in Linux is the root user, with a UID of 0. It has complete control over the system, including user management, file modification, and system settings.

If a regular user wants to obtain root privileges, there are mainly two methods:

✅ Method 1: Switch to the root user using su

su -              # Switch to root user, requires root password
su - username     # Switch to specified user (enter corresponding user password)

📘 Note:

  • The su (switch user) command can switch to other users.
  • Adding the - option loads the target user’s environment variables.
  • When switching to root with su -, the prompt changes to #, indicating that you are in the highest privilege level.

⚠️ Caution:

  • su requires the root user’s password.
  • If the administrator has not provided the root password to regular users, this method will be unavailable.

✅ Method 2: Use sudo to execute privileged commands

sudo command      # Execute specified command with root privileges
sudo -i           # Open a shell environment with root privileges
sudo -u user cmd  # Execute command as specified user

📘 Note:

  • sudo is the recommended method for privilege escalation, being safer than su.
  • The configuration file /etc/sudoers controls who can use sudo and which commands they can execute.
  • Using sudo will prompt for the current user’s password (not the root password).

🧩 Practical Example:

Assuming the regular user student needs to install a software package:

sudo dnf install vim   # Execute installation with root privileges

During command execution, the system will prompt for the student user’s password and check in /etc/sudoers whether student has permission to execute that command.

📘 Security Tip: All operations using sudo are logged in /var/log/secure, facilitating auditing and tracking by administrators.
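To show what that audit trail contains, the following added example (not part of the original article) extracts sudo events from log lines and separates successful runs from failures. The log lines are constructed samples in sudo's syslog message format, and the function names are hypothetical; on Debian/Ubuntu the same messages are written to /var/log/auth.log.

```bash
# Added example: summarise sudo activity from syslog-format auth logs.
# Output columns (tab-separated): status, invoking user, target user, command.
sudo_events() {
  awk '
    /COMMAND=/ && match($0, / sudo(\[[0-9]+\])?:[ \t]*/) {
      msg = substr($0, RSTART + RLENGTH)        # text after "sudo[pid]:"
      i = index(msg, " : ")
      if (i == 0) next
      user = substr(msg, 1, i - 1)              # account that ran sudo
      rest = substr(msg, i + 3)
      reason = ""
      if (rest !~ /^TTY=/) {                    # failures put a reason first
        j = index(rest, " ; ")
        reason = substr(rest, 1, j - 1)
      }
      runas = ""
      if (match(rest, / ; USER=[^ ;]+/))
        runas = substr(rest, RSTART + 8, RLENGTH - 8)
      c = index(rest, " ; COMMAND=")
      cmd = (c > 0) ? substr(rest, c + 11) : ""
      status = (reason == "") ? "OK" : "FAIL: " reason
      printf "%s\t%s\t%s\t%s\n", status, user, runas, cmd
    }'
}

# Constructed sample lines (not taken from a real host).
sample_secure_log() {
  cat <<'EOF'
Mar  3 10:15:02 host1 sudo[2211]:  student : TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/usr/bin/dnf install vim
Mar  3 10:15:02 host1 sudo[2211]: pam_unix(sudo:session): session opened for user root(uid=0) by student(uid=1000)
Mar  3 10:20:41 host1 sudo[2250]:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/whoami
Mar  3 10:31:07 host1 sudo[2301]:   devops : command not allowed ; TTY=pts/2 ; PWD=/home/devops ; USER=root ; COMMAND=/usr/bin/systemctl stop nginx
Mar  3 10:40:12 host1 sshd[2400]: Accepted password for student from 192.0.2.10 port 50022 ssh2
EOF
}

sample_secure_log | sudo_events
```

On a real host, run it as `sudo cat /var/log/secure | sudo_events`; the FAIL rows are the ones worth alerting on.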

2. sudo Configuration File and Rules

The sudo configuration file is located at /etc/sudoers, which defines which users can execute which commands as what identities.

⚠️ Directly editing /etc/sudoers is risky: a syntax error can render sudo unusable. Always use the safe command:

sudo visudo

This command automatically checks for syntax errors upon saving.

📜 Basic Syntax of the sudoers File

User Host = (Switch Identity) Command List

For example:

root ALL=(ALL) ALL
student ALL=(ALL) /usr/bin/dnf, /usr/bin/systemctl

📘 Explanation:

  • root ALL=(ALL) ALL: The root user can execute any command on any host, as any user.
  • student ALL=(ALL) /usr/bin/dnf, /usr/bin/systemctl: The user student can execute the dnf and systemctl commands.

🔧 Granting a User Full sudo Privileges

If you want a user to have complete root privileges, you can add the following to the sudoers file:

student ALL=(ALL) ALL

At this point, the student user can execute any command simply by prefixing it with sudo.

Restricting a User to Execute Specific Commands Only

For example, to restrict the user devops to only restart services:

devops ALL=(ALL) /usr/bin/systemctl restart nginx

At this point, the devops user cannot perform other root-level operations, thus enhancing security.
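The difference between the full, per-binary and single-command rules above can be checked mechanically. The following added example (not part of the original article) classifies each rule by how much it grants; the function names and level labels are hypothetical, and it handles only the simple rule form shown in this article.

```bash
# Added example: classify each rule in sudoers text read from stdin.
# Handles only the simple "who host=(runas) cmd, cmd" form used in this
# article: no aliases, line continuations or tags.
# Output columns (tab-separated): level, who, command.
#   FULL    - ALL commands
#   ANYARGS - a binary with no arguments listed, so any arguments are accepted
#   PINNED  - one exact command line
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }  # not rules
    {
      eq = index($0, "=")
      if (eq == 0) next                          # not a user specification
      who = $1
      rhs = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "", rhs)     # drop the "(runas)" part
      n = split(rhs, cmds, /,/)
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)           # trim surrounding blanks
        if (c == "") continue
        if (c == "ALL")          level = "FULL"
        else if (c !~ /[ \t]/)   level = "ANYARGS"
        else                     level = "PINNED"
        printf "%s\t%s\t%s\n", level, who, c
      }
    }'
}

# Constructed sample built from the rules quoted in this article.
sample_sudoers() {
  cat <<'EOF'
# sample rules
root ALL=(ALL) ALL
student ALL=(ALL) /usr/bin/dnf, /usr/bin/systemctl
devops ALL=(ALL) /usr/bin/systemctl restart nginx
%wheel  ALL=(ALL)  ALL
EOF
}

sample_sudoers | audit_sudoers
```

An ANYARGS row means the user chooses every argument passed to that binary, so review those entries as closely as FULL ones; only the PINNED devops rule limits the user to one exact command line.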

🧩 Practical Example: Editing sudoers to Add Custom Rules

sudo visudo
# Add the following at the end of the opened file:
student ALL=(ALL) ALL

After saving, the regular user student can use sudo to execute system commands.

Verifying the Effect:

sudo whoami     # Execute as root, output "root"

📘 Note: sudo visudo performs syntax checks upon saving, effectively preventing misconfigurations that could render sudo unusable.

3. wheel Group and sudo Group

The management of sudo privileges varies slightly across different Linux distributions.

Typically, joining specific system groups (such as wheel or sudo) automatically grants sudo privileges.

1️⃣ wheel Group (CentOS / RHEL Series)

In systems like Red Hat, CentOS, and Rocky, the following configuration exists in /etc/sudoers:

%wheel  ALL=(ALL)  ALL

📘 Explanation:

  • The % sign indicates a group name.
  • It means that all users belonging to the wheel group can use sudo to execute any command.

To grant a user sudo privileges, simply add them to the wheel group:

sudo usermod -aG wheel student   # Add student to the wheel group

Verifying Permissions:

sudo whoami    # Output root

2️⃣ sudo Group (Ubuntu / Debian Series)

In Ubuntu, the corresponding group name is sudo:

%sudo ALL=(ALL:ALL) ALL

📘 Note:

  • This serves the same purpose as the wheel group in CentOS.
  • When creating a new user, if you add the --groups sudo parameter, they will automatically receive sudo privileges.

Example:

sudo usermod -aG sudo student

After this, the student can execute commands via sudo without modifying the sudoers file.

🧩 Practical Example: Granting a User sudo Privileges

sudo useradd testuser -m        # Create user
sudo passwd testuser            # Set password
sudo usermod -aG wheel testuser # Grant sudo privileges (CentOS)
# Or in Ubuntu use:
# sudo usermod -aG sudo testuser

su - testuser                   # Switch to new user
sudo whoami                     # Output root indicates privileges are effective

📘 Note: This method is safer and more maintainable than manually editing the sudoers file.
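Because group membership alone grants sudo here, it is worth listing who actually holds it. The following added example (not part of the original article) reports every account that inherits sudo rights through wheel or sudo, including accounts that have the group as their primary GID and therefore do not appear in the group's member list. The function names and the sample files are constructed for illustration.

```bash
# Added example: list accounts that get sudo through the wheel or sudo group.
# Arguments: a group file and a passwd file (/etc/group, /etc/passwd format).
# Output (tab-separated, sorted): account, group.
sudo_group_members() {
  awk -F: '
    FNR == NR {                                  # first file: group entries
      if ($1 == "wheel" || $1 == "sudo") {
        gid[$3] = $1                             # remember the group GID
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
          if (m[i] != "") seen[m[i] "\t" $1] = 1 # supplementary members
      }
      next
    }
    ($4 in gid) { seen[$1 "\t" gid[$4]] = 1 }    # passwd: primary GID match
    END { for (k in seen) print k }
  ' "$1" "$2" | sort
}

# Constructed sample data (not from a real host).
sample_group() {
  cat <<'EOF'
root:x:0:
wheel:x:10:student,testuser
sudo:x:27:
developers:x:1002:devops
EOF
}
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
student:x:1000:1000::/home/student:/bin/bash
testuser:x:1001:1001::/home/testuser:/bin/bash
devops:x:1002:1002::/home/devops:/bin/bash
backup:x:1003:10::/home/backup:/bin/bash
EOF
}

tmp=$(mktemp -d)
sample_group > "$tmp/group"; sample_passwd > "$tmp/passwd"
sudo_group_members "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

On a real host, run `sudo_group_members /etc/group /etc/passwd`; this covers local accounts only, not users supplied by a directory service.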

Conclusion

In this chapter, we learned three key aspects of obtaining superuser privileges in Linux:

  • The differences and usage scenarios of su and sudo
  • The sudoers configuration file and permission rules
  • The mechanisms and management methods of the wheel group and sudo group

By mastering these concepts, you can safely use root privileges while efficiently completing system management tasks and protecting system security.
