sudo
DevOps & Adminsudo is a Unix and Linux command that lets an authorized user run a specific command with elevated privileges, typically as the root user, without logging in as root. It relies on policy rules (usually in the sudoers configuration) to control who can do what, and it records activity for auditing. In hosting environments, it is central to safe server administration.
How It Works
When you prefix a command with sudo, the system checks whether your account is permitted to run that command as another user (most often root). Permissions are defined in /etc/sudoers and in additional files under /etc/sudoers.d, commonly edited with visudo to prevent syntax errors that could lock you out. If allowed, sudo may prompt for your password, then temporarily grants the required privileges only for that command execution.
sudo supports fine-grained controls such as limiting commands, requiring a password every time or caching authentication for a short period, and restricting execution to certain hosts or groups. It also logs usage (often to syslog or journald), which helps with accountability. Because sudo elevates privileges, it should be paired with least-privilege rules and careful handling of environment variables and PATH to reduce the risk of running the wrong binary or inheriting unsafe settings.
Why It Matters for Web Hosting
sudo is a practical indicator of how much control you will have on a hosting plan. Shared hosting typically does not provide sudo access, while VPS and dedicated servers often do, enabling you to install packages, change system configuration, manage services, and troubleshoot at the OS level. When comparing providers, consider whether you get full root access, limited sudo, or no privilege escalation, and how that aligns with your maintenance responsibilities and security requirements.
Common Use Cases
- Installing or updating software packages (for example, using apt, dnf, or yum)
- Managing services and daemons (systemctl restart nginx, systemctl status mysql)
- Editing protected configuration files (/etc/nginx/nginx.conf, /etc/ssh/sshd_config)
- Managing users, groups, and permissions (useradd, passwd, chown, chmod)
- Running maintenance tasks like log rotation checks, firewall changes, or backup scripts
sudo vs su
su switches to another user account (often root) and typically starts a new shell session with that user privileges until you exit, which can increase the chance of accidental system-wide changes. sudo elevates privileges per command and can be restricted to specific commands, users, or groups, with detailed logging. For hosting administration, sudo is generally preferred for least-privilege access and auditability, while su is mainly used for full interactive root sessions when explicitly required.