In Linux, security is built on a strict permission model. By default, standard users are restricted to their own home directories and cannot alter system files or install software. To perform administrative tasks, you must understand three commands: id, sudo, and su.
1. id: Knowing Your Identity
Before you try to open a locked door, you need to know which keys you hold. The id command reveals your current user identity and group memberships. It is the first step in troubleshooting permission errors.
How it Works
Linux does not identify you by your username (e.g., "john"). It identifies you by your UID (User ID) and GID (Group ID).
Syntax
id [option] [username]
Understanding the Output
Running id without arguments shows your current context:
$ id
uid=1000(john) gid=1000(john) groups=1000(john),4(adm),27(sudo),113(docker)
| Field | Meaning | Key Insight |
|---|---|---|
| uid | User ID | The unique numeric tag for the user. 0 is always root. 1000+ are usually standard human users. |
| gid | Primary Group ID | The default group assigned to files you create. |
| groups | Secondary Groups | The full list of groups you belong to. This dictates your "power." |
Essential Flags
- id -u: Print only the UID (Useful in scripts to check if a user is root).
- id -un: Print the username instead of the number.
- id -G: Print all Group IDs.
2. sudo: SuperUser DO
sudo is the industry standard for privilege escalation. It allows a permitted user to execute a command as the superuser (root) or another user, as defined by the security policy.
Why sudo is Superior to Root Login
- Least Privilege: You hold root privileges only while the command runs.
- Audit Trail: Every sudo command is logged to /var/log/auth.log (or /var/log/secure). You can track who did what.
- Accountability: You use your password, not the root password. This means you don't have to share the root password with anyone.
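The audit trail described above can be turned into a who-ran-what summary. This script is an added example, not part of the original tutorial; it assumes sudo's default syslog line format, and the host web01, the user guest and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example: summarise sudo entries from an auth log.
# Output, one line per sudo invocation (tab-separated):
#   STATUS  invoking-user  target-user  command

sudo_audit() {
    # Reads syslog-format lines on stdin, e.g.  sudo_audit < /var/log/auth.log
    awk '
    match($0, / sudo(\[[0-9]+\])?: +/) && /COMMAND=/ {
        msg = substr($0, RSTART + RLENGTH)   # text after the "sudo:" tag
        i = index(msg, "COMMAND=")
        cmd = substr(msg, i + 8)             # COMMAND is the last field (assumed default format)
        head = substr(msg, 1, i - 1)         # invoking user, TTY, PWD, USER fields
        who = head; sub(/ :.*/, "", who)     # invoking user precedes " : "
        target = head
        sub(/.*USER=/, "", target); sub(/ ;.*/, "", target)
        status = "OK"
        # Refusals carry a reason between the user name and TTY=
        if (head ~ /NOT in sudoers|incorrect password|command not allowed/) status = "DENIED"
        printf "%s\t%s\t%s\t%s\n", status, who, target, cmd
    }'
}

sample_log() {
    # Constructed sample lines; the PAM session line must be ignored.
    cat <<'EOF'
Jan 10 09:14:02 web01 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/apt update
Jan 10 09:14:02 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by john(uid=1000)
Jan 10 09:20:41 web01 sudo:     john : TTY=pts/0 ; PWD=/home/john ; USER=postgres ; COMMAND=/usr/bin/psql
Jan 10 09:31:17 web01 sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/nano /etc/hosts
EOF
}

sample_log | sudo_audit
```

On a real system, run `sudo_audit < /var/log/auth.log` (or `/var/log/secure`); filtering the output for `DENIED` shows refused attempts.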
Syntax:
sudo [options] command
Common Scenarios:
| Task | Command | Description |
|---|---|---|
| System Update | sudo apt update | Updates package lists. |
| Edit Config | sudo nano /etc/hosts | Edits a system file safely. |
| Repeat Last | sudo !! | Runs the previous command with sudo (a lifesaver when you forget). |
| Run as Other | sudo -u postgres psql | Runs a command as a specific user (postgres) rather than root. |
How to Grant sudo Access
You cannot just "use" sudo; you must be granted permission. This is usually done in one of two ways:
1. The Wheel/Sudo Group: Add the user to the sudo (Debian/Ubuntu) or wheel (RHEL/CentOS) group:
usermod -aG sudo username
2. The Sudoers File: Edit the configuration file directly using visudo.
Warning: Never edit /etc/sudoers with a standard text editor. Always use sudo visudo. It checks for syntax errors before saving, preventing you from locking yourself out of the system.
3. su: Switch User
While sudo runs a single command with borrowed privileges, su creates a new shell session as a different user.
Syntax
su [options] [username]
The Critical Distinction: su vs. su -
This is the most common source of confusion and errors for beginners.
1. su username (Non-Login Shell)
- Switches your identity to the target user.
- It keeps your current environment variables (your current directory, your $PATH, your shell settings).
2. su - username (Login Shell, Recommended)
- Switches identity AND resets the environment.
- It loads the target user's ~/.bashrc and profile. It puts you in their home directory. It simulates a fresh login.
4. Advanced: sudo -i vs sudo -s vs su -
Sometimes you need a sustained root shell, not just a single command. Which tool should you use?
| Command | Password Required | Environment | Recommendation |
|---|---|---|---|
| sudo -i | Yours | Clean (Login Shell) | Best. Gives you a full root shell using your own credentials. |
| sudo -s | Yours | Dirty (Non-Login) | Good if you need to keep your current shell variables but need root power. |
| su - | Root's | Clean (Login Shell) | Use only if sudo is broken or you are the only admin. |