In the previous method, the standard user temporarily becomes the root using the su command; all the privileges of root are granted by specifying the root password. This method is not suitable for running some programs as root as it gives unlimited privileges to the normal user. Granting privileges using sudo is less dangerous and is the preferred method.

The sudo feature is used to assign more limited privileges to user accounts, based on the settings in the /etc/sudoers file. In this method, sudo requires the user to enter their own password for authentication and not the password of the account they are trying to access. This method allows them to delegate system administration tasks, without giving them access to the root password. We can also restrict the privileges of the user to a specific subset of commands; that is, he can execute only a limited number of specified commands as root. Any command executed using sudo is logged by default into the /var/log/secure log file.

To execute just one command with root privilege, type sudo <command>. After the execution of the command, you will return to being a normal unprivileged user. An example of using sudo to execute just the iptables command with root privileges is shown in the following screenshot:

The log of commands executed using sudo is stored in /var/log/secure as shown in the following screenshot:

An example of granting a user rights to execute an admin command using sudo by making the required entry in the /etc/sudoers file is shown in the following screenshot: