A QUICK REFERENCE TO… SUDO
You will usually be logged in as a normal user when using Linux, but some operations require elevated privileges. For example, installing or updating software needs the full access that only the root user has. In the past, the solution was to log in as root, usually by running su (switch user) in a terminal. This has two key disadvantages: it requires the user to know the root password, and once they have run su they can do everything root can. That is why almost all distros prefer to use
sudo these days.
The effect of using sudo is similar – it enables a program to be run as another user (like su, it defaults to the root user unless told otherwise), but it doesn’t require them to be given the keys to the kingdom, the root password. Instead, they only have to confirm their own password.
At this point you may be wondering, where is the security in that if anyone can give their own password? The key is that sudo is not all or nothing; a user can run a command as root, but only if sudo has been told they can, which is set up in the /etc/sudoers
file. Most distros give full rights to any user in an admin (or similar) group, and add the first user created during installation to that group. So the user that installed the distro can administer it, but subsequent users cannot unless changes are made.
Sudo goes further than that; it can allow users to run only specific commands, instead of giving them full root access. It can also allow some or all commands to be run without asking for the password, which can be useful if there are certain relatively harmless commands that you need to run often.
Sudo is a command line program. Run $ sudo command_to_run
but there are also graphical equivalents that are often used by desktop software, for example when launching your package manager.