do

View documentation for the for keyword

$ tldr for

$ tldr while

$ tldr select

$ tldr until

sudo [options] command [arguments...]
sudo -v | -l | -k | -K | -s | -H | -A | -b | -p | -u user | -g group | -E | -i

-A
    Ask for password using an external helper program.

-b
    Run command in the background.

-E
    Preserve the user's environment when running the command.

-H
    Set the HOME environment variable to the target user's home directory.

-i
    Run a shell as the target user with their environment (login shell).

-k
    Invalidate the user's cached credentials. Next sudo command will require a password.

-K
    Completely remove the user's cached credentials.

-l
    List the commands the user is allowed to run on the current host.

-n
    Non-interactive mode; never prompt for a password.

-P
    Preserve the user's group vector rather than initializing it to the target user's groups.

-p prompt
    Use a custom password prompt.

-s
    Run a shell as the target user (default: root).

-u user
    Run the command as the specified user instead of the default (root).

-g group
    Run the command as the specified group instead of the default (root).

-v
    Update the user's cached credentials without running a command.

-V
    Display the sudo version and exit.

The sudo (short for 'superuser do') command is a fundamental utility in Unix-like operating systems, including Linux, that allows a permitted user to execute a command as the superuser (root) or another user. This capability is defined by a security policy, typically configured in the sudoers file. Its primary purpose is to provide a controlled and secure method for non-root users to perform administrative tasks without needing to log in directly as the root user. When a user invokes sudo, they are usually prompted for their own password, not the root's password. This design choice enhances security by minimizing the sharing of the root password and provides a clear audit trail of who executed which commands with elevated privileges. The sudoers file, usually edited using the visudo command, governs which users or groups have access to sudo, which commands they can run, and under what conditions (e.g., without a password).

Incorrect configuration of the sudoers file can lead to significant security vulnerabilities, allowing unauthorized privilege escalation. Using NOPASSWD for certain commands can be risky if those commands allow arbitrary code execution. Users should be cautious when granting sudo access and always adhere to the principle of least privilege. The timeout for cached credentials means that users might need to re-enter their password after a period of inactivity, which is a security feature.

The term 'do' by itself is not a standalone executable Linux command. Instead, 'do' is a shell keyword commonly used in control flow statements within shell scripts, such as for loops, while loops, until loops, and select statements. It marks the beginning of the block of commands to be executed repeatedly or conditionally. For example:

for i in 1 2 3; do echo $i; done

If you intended to execute a command with superuser privileges, the command you were likely thinking of is 'sudo', which stands for 'superuser do'.

sudo was originally written by Robert Coggeshall and released in 1980. It was later rewritten by Todd Miller and is now actively maintained by him. It was designed to provide a more granular and auditable alternative to the traditional su (substitute user) command, allowing administrators to grant specific users the ability to run certain commands as root or another user, without needing to share the root password. Its widespread adoption has made it a de facto standard for privilege escalation in Unix-like operating systems, emphasizing security and accountability through its detailed logging capabilities.

su(1), pkexec(1), sudoers(5), visudo(8)