Posted on 14th August 2018 by Neil Sperrings

In the beginning there was Sudo: macOS Terminal Skills


Having sat on our recent four-day JAMF200 course it was great to revisit some command line skills from times past. Time to dust off those macOS Terminal skills.

Bring on Sudo (and the disclaimer of course)

Type the following ‘whoami’ command (exclude the Amsys$ bit) in a macOS Terminal window and you’ll get the current user:

Amsys$ whoami
sperringsn

Run the same command with ‘sudo’ and the output of ‘whoami’ now shows the ‘root’ user rather than ‘sperringsn’. Nice!

Amsys$ sudo whoami
root

OK, why is this useful? The Sudo (super user do) command is definitely one of the more powerful Unix commands, and those who regularly spend time at the CLI quickly learn its uses. It allows the user to temporarily gain superuser privileges, with the default generally being root (aka the System Administrator account), thus providing the ability to perform system admin level maintenance etc. Time to read that disclaimer below.

“Sounds kinda cool! Tell me more please!”

OK. In another example, let’s say you want to check if Remote Login is enabled on the computer you’re on. We can check this in the GUI (via System Preferences) but as we’re all about the CLI today, let’s see how simple this is. Running the following command (again, after Amsys$) without super user privileges gets you this:

Amsys$ systemsetup -getremotelogin
You need administrator access to run this tool... exiting!

Repeat the command with sudo at the beginning, authenticate, and away you go:

Amsys$ sudo systemsetup -getremotelogin
Password:
Remote Login: On


Sudo… the common misconception

One of the common misconceptions of this super-cool, superuser Unix command that I’ve heard a fair bit recently on our Support Essentials course is that it’s used solely to provide root level access to a standard user. Or, just to get around any ‘permission denied’ issues one might be presented with.

Whilst true, it’s actually much more powerful in that it can run commands as any user, not just the root user.

Using the example at the beginning of this post, if we now execute the same ‘whoami’ command with ‘sudo -u username’ we get the following:

Amsys$ sudo -u bob whoami
bob

Again, the output confirms we’re now acting as ‘bob’.

Being able to run commands as any user is definitely a useful tool to have in the box. Additionally, there’s a similar command called ‘su’ for ‘switch user’. We’ll park that for a future blog post.

More Sudo nuggets

  1. Naturally, you’ll be prompted for your password when running a command with sudo for the first time. However, run another sudo command within 5 mins, and you won’t. This is because your credentials are cached (in the current shell window only) for 300 seconds so you don’t have to keep re-authenticating. Create a new Terminal window and you’ll be prompted again though.
  2. As with most things in macOS, there’s a log file for that, and this includes sudo. Open the Console app (locate it using macOS Spotlight via CMD+Space) and, within Console, search for process:sudo.
  3. And……for when you forget to type sudo:

Typing a command (even if short in length) and then realising you’ve forgotten to add the sudo command at the beginning is just plain annoying. You can up-arrow of course to call the last typed command and then add sudo to the beginning, or worse, type it out again. This trick, however, negates that need:

sudo !!

Using this simple command will run the previous typed command using sudo. Nice!
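
The sudo log entries from point 2 record who ran which command and as which user, including refused attempts. The following is an added example, not part of the original post: a shell function that summarises sudo log messages, run here over constructed sample lines. The function names and the ROOT/AS_USER/DENIED labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise sudo log messages as STATUS, invoker, target user, command.
# STATUS labels (ROOT, AS_USER, DENIED) are this example's own, not sudo's.
sudo_audit() {
  awk '
  {
    line = $0
    sub(/^.*sudo(\[[0-9]+\])?: +/, "", line)  # drop an optional "sudo[pid]: " tag
    sub(/^ +/, "", line)
    sep = index(line, " : ")                  # "invoker : details"
    if (sep == 0) next                        # not a sudo event line
    who  = substr(line, 1, sep - 1)
    rest = substr(line, sep + 3)
    c = index(rest, "COMMAND=")               # treated as the last field
    if (c == 0) next
    cmd = substr(rest, c + 8)                 # keeps arguments, even with " ; " inside
    target = ""; reason = ""
    n = split(substr(rest, 1, c - 1), part, " ; ")
    for (i = 1; i <= n; i++) {
      if (part[i] ~ /^USER=/) target = substr(part[i], 6)
      else if (part[i] != "" && part[i] !~ /^[A-Z]+=/) reason = part[i]  # refusal text
    }
    if (reason != "")          status = "DENIED"
    else if (target == "root") status = "ROOT"
    else                       status = "AS_USER"   # sudo -u someone
    printf "%s\t%s\t%s\t%s\n", status, who, target, cmd
  }'
}

# Constructed sample messages in the format sudo writes to the system log.
sample_sudo_log() {
  cat <<'EOF'
sperringsn : TTY=ttys000 ; PWD=/Users/sperringsn ; USER=root ; COMMAND=/usr/bin/whoami
sperringsn : TTY=ttys000 ; PWD=/Users/sperringsn ; USER=bob ; COMMAND=/usr/bin/whoami
Aug 14 10:02:11 mac sudo[412]:   sperringsn : TTY=ttys001 ; PWD=/Users/sperringsn ; USER=root ; COMMAND=/usr/sbin/systemsetup -getremotelogin
bob : user NOT in sudoers ; TTY=ttys002 ; PWD=/Users/bob ; USER=root ; COMMAND=/usr/sbin/systemsetup -setremotelogin on
sperringsn : 3 incorrect password attempts ; TTY=ttys000 ; PWD=/Users/sperringsn ; USER=root ; COMMAND=/bin/ls
EOF
}

sample_sudo_log | sudo_audit
```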

So, there we go, hopefully that provides a little more background on using sudo. If you would like more info on the command line then check out our Command Line Essentials course.
The all important disclaimer:
Obviously, with great power, comes great responsibility and therefore the above is best left to System Administrators within your live/production environment. Only give users the access they need in order to perform their role – breaking (and then fixing) stuff in a test environment is kinda fun, breaking stuff in a live environment is not!