Ubuntu – What does the ‘sudo -s’ command do, and how is it used in this example

bashcommand linepermissionssoftware installationsudo

I have the following doubt. In a tutorial related to a software installation that I am following say that I have to execute the following commands (I am doing it into an ssh shell, so this list of steps end with the exit command):

sudo -s
apt-get update
apt-get install -y build-essential libtool libcurl4-openssl-dev libncurses5-dev libudev-dev autoconf automake screen
exit

My doubts are:

What exactly does the -s parameter do after sudo command?

Searching on the web I found that:

‑s [command]
The ‑s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in the
password database. If a command is specified, it is passed to the
shell for execution via the shell's ‑c option. If no command is
specified, an interactive shell is executed

It seems to me that the sudo -s execute a command using the environment variable of the shell.

But this is not clear for me: in this case what is the command executed with the environment variable? (it only executes sudo -s and not sudo -s [command]).

Best Answer

The simple answer is it gives you a root shell. That's what it's being used for here. There's a good technical comparison between the su, sudo -i, sudo -s and sudo su methods on Unix.SE but that's really not relevant here. The code could have used any and would have worked.

The help nugget means a few things:

It's looking for a command in the $SHELL environment variable. If you run echo $SHELL you'll probably see /bin/bash. That means you'll get a root instance of Bash. I'm sure if you were in zsh it would mean you get a root instance of zsh.
If $SHELL is empty, it falls back to the default shell defined in /etc/passwd for that user.
If you provide a command (eg sudo -s whoami), it's actually running: sudo /bin/bash -c "whoami"
If you don't pass a command, it doesn't pass a -c argument over so you just get an interactive shell.

I've used the phrase "root" several times. By default sudo is all about running things as root but sudo (and su) can run things as other users (if you have permission to do so). I'm only stating this for the pedants who will cry out that sudo -s -u $USER doesn't give them a root shell as I promised -s would above.

And in my humblest of opinions, it's really silly to become root for just two commands, not to mention that it could leave a user accidentally running further commands as root. If you want or need to run something as root, just premend the command with sudo:

sudo apt-get update
sudo apt-get install -y build-essential libtool libcurl4-openssl-dev libncurses5-dev libudev-dev autoconf automake screen

I'd be dubious of any tutorial that suggested getting a root shell, except in the cases where you do have bucketloads of commands to run... And even then, there's scripting.

Related Solutions

Ubuntu – What are the differences between “su”, “sudo -s”, “sudo -i”, “sudo su”

The main difference between these commands is in the way they restrict access to their functions.

su (which means "substitute user" or "switch user") - does exactly that, it starts another shell instance with privileges of the target user. To ensure you have the rights to do that, it asks you for the password of the target user. So, to become root, you need to know root password. If there are several users on your machine who need to run commands as root, they all need to know root password - note that it'll be the same password. If you need to revoke admin permissions from one of the users, you need to change root password and tell it only to those people who need to keep access - messy.

sudo (hmm... what's the mnemonic? Super-User-DO?) is completely different. It uses a config file (/etc/sudoers) which lists which users have rights to specific actions (run commands as root, etc.) When invoked, it asks for the password of the user who started it - to ensure the person at the terminal is really the same "joe" who's listed in /etc/sudoers. To revoke admin privileges from a person, you just need to edit the config file (or remove the user from a group which is listed in that config). This results in much cleaner management of privileges.

As a result of this, in many Debian-based systems root user has no password set - i.e. it's not possible to login as root directly.

Also, /etc/sudoers allows to specify some additional options - i.e. user X is only able to run program Y etc.

The often-used sudo su combination works as follows: first sudo asks you for your password, and, if you're allowed to do so, invokes the next command (su) as a super-user. Because su is invoked by root, it does not require you to enter the target user's password. So, sudo su allows you to open a shell as another user (including root), if you're allowed super-user access by the /etc/sudoers file.

Ubuntu – the $BASH_COMMAND variable good for

Answering to the third question: of course it can be used meaningfully in the way at Bash manual clearly hints – in a trap, e. g.:

$ trap 'echo ‘$BASH_COMMAND’ failed with error code $?' ERR
$ fgfdjsa
fgfdjsa: command not found
‘fgfdjsa’ failed with error code 127
$ cat /etc/fgfdjsa
cat: /etc/fgfdjsa: No such file or directory
‘cat /etc/fgfdjsa’ failed with error code 1

Best Answer

Related Solutions

Ubuntu – What are the differences between “su”, “sudo -s”, “sudo -i”, “sudo su”

Ubuntu – the $BASH_COMMAND variable good for

Related Question