This message has many forms, but all indicate one humbling fact: you don’t have permission. I remember the first day my computer rebelled. It was a Tuesday. I hate Tuesdays. Good things never happen on Tuesdays.
Anyway… eventually your computer will stand up to you. It will berate you for not being good enough, and you will have to fight back.
Take Up Arms!
The only way to pummel your machine back into servitude is to get the needed permission. Most of the time, this is superuser, or root, permission. Occasionally, it is another user’s permission. But whatever the case, you must find it.
There are two common methods for obtaining these permissions. ‘su’ and ‘sudo’.
Option #1: The ‘su’ Command
This is the most widely supported method of getting permission. ‘su’ stands for “substitute user.”
Executing it with a username as the first argument switches you to their user account, giving you all their permissions. After executing the command, a password prompt will appear where you need to type the user’s password.
For example, if the user you need permission from is aloysius, type the following:
Enter aloysius‘s password at the prompt and you are off and running as him.
More often, however, this command is used to get root permissions, in which case you do not need any arguments:
The shell will prompt for the root user’s password, and after you give it, you are effectively logged into your terminal session as root with all of root’s power.
Once your finished masquerading as the other person, or as root, you run the ‘exit’ command, which returns you to your normal terminal.
Shortcomings of ‘su’
- It facilitates bad habits. When use ‘su’, your terminal gains the power of that user, and does not release that power until you close the terminal or run the ‘exit’ command. This allows users to continue to work as root without thought, which is a fantastic way for you to break your Linux install, or to accidentally leave a root terminal up and running when you leave your desk (a security risk).
- It requires everyone to know the password of the user they are trying to masquerade as. This not only requires memorization by everyone involved, but is a huge security risk.
- Comprehensive security policies are somewhat difficult to implement and manage, making it less likely that the policies are enacted and used properly.
- Some popular distributions, such as Ubuntu, lock the root account’s password. This prevents anyone from being able to use ‘su’ to gain root privileges without unlocking the root account.
Option #2: The ‘sudo’ Command
The ‘sudo’ command is less powerful, but arguably a safer choice for gaining privileges.
Unlike ‘su’, ‘sudo’ only runs a single command with the gained privileges. ‘su’ essentially logged the terminal session in as the specified user until you told it to stop. ‘sudo’ gets the permission, runs the command, then releases the privileges. Also, ‘sudo’ also asks for your password, not the password of the root user.
These two differences all but eliminate the shortcomings of the ‘su’ command. Users do not need to know the other user’s password, which shuts a security hole and reduces the need for memorization. A root-powered terminal will not be left open should you need to leave your computer. And the ‘sudo’ workflow and structure is more easily secured, logged, and managed.
To gain root privileges with ‘sudo’, simply preface your command with it. For example, if I wanted to run the command shown in the screenshot above (“apt-get update”), I would type the following:
sudo apt-get update
A password prompt will appear, in which you type your password.
To gain another user’s permission, you use the -u switch with the desired username as the parameter like this:
sudo –u aloysius whoami
To prove this command is working, here is a screenshot from a Linux terminal.
By default, ‘sudo’ remembers your password for several minutes. During that time, any later uses of ‘sudo’ will not require re-entering your password. This timeframe is easily altered or eliminated.
Shortcomings of ‘sudo’
- You have to preface every command needing upgraded privileges with it. That’s a lot of extra typing.
- It doesn’t feel or look as deliberate as ‘su’. It’s easier to dismiss or take for granted the power the command gives you, which can lead to horrible habits.
- Redirecting the output of a command is trickier.
- In large networked environments (such as office buildings), user account management is more complex and involved, and ‘sudo’ can have unintended consequences in those scenarios.
- ‘sudo’ is not installed in every distribution by default, and in some others, it’s configuration settings are changed to modify its behavior. This means it isn’t ubiquitous, and what it does isn’t always consistent across distributions.
As mentioned above, some distributions do not have ‘sudo’ installed, or configured in a way allowing the uses we discussed above. Arch Linux for example does not have it installed at all, and you would need to install it manually. CentOS locks down the abilities of the ‘sudo’ command. For distributions like this, you must install ‘sudo’, or make some changes to it.
Other distributions, such as Ubuntu, lock down the root account making it impossible to use ‘su’ to gain root privileges without making some changes. They prefer you use ‘sudo’ for all root privilege needs.
Not every distribution is the same. What works in Ubuntu may not work in Fedora. When picking up a new distribution, it is wise to research how these commands are treated before ‘sudo’ing your way around.
Tuesdays are awful.
Oh, and the commands discussed here allow a user to impersonate another user and gain their privileges. ‘su’ feels more deliberate and is easier to use if you need to run a lot of commands as the other user. ‘sudo’ prevents the bad habits ‘su’ users can develop, and is easier for system administrators to secure and monitor.
If your system has both installed and configured, there is no rule that states you must only ever use one. Experiment! Find your favorite, or switch between them when it’s appropriate.
Once you master these commands, you will once again control your computer and will never fear those dreaded lack of permission messages. Now, it’s your turn! Which command do your prefer and why? Speak up in the comments below!