3.7. Using the Sudo Command

From time to time, any Mac user may need to perform certain tasks that would ordinarily require root access. Earlier, I advised against enabling the root account, but if you did enable it, actually logging in as root is dangerous — even for advanced users — and should be done only on those rare occasions when no alternative exists. Fortunately, there's another — and somewhat safer — way for non-root users to temporarily obtain root access for individual commands: the Unix command-line tool sudo.

First things first: sudo is short for "superuser do," and although it's supposed to be pronounced "sue dew," no one will laugh at you if you pronounce it "pseudo." To oversimplify somewhat, if you're currently logged in as an administrator and you type sudo (and a space) before a command that requires root access, you're prompted for your password and then the command executes.

Although sudo is usually employed to execute a command as root, you can also use it to execute a command as another user. For example, you might do this if you wanted to create or modify a series of files that need to be owned by another user; sudo could be a simpler approach than changing the files' ownership after the fact.

This simple and powerful capability is also more complex than it may at first appear and can be implicated in subtle security risks. So, it pays to understand how it works and how to tailor it to your needs.

3.7.1. How sudo works

When you type a sudo command in ...

Get Mac® Security Bible now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.