If you can use su, you don’t need sudo.
In traditional Unix, each user has a digital user ID. User 0 is usually known as root or the superuser. Basically, root can do anything on the system.
su command logs you in as the superuser. (Well it spawns a shell making you superuser)
Sometimes, certain users need to do something they’re not normally allowed to do. Imagine if Bob was given the task to make backups. He wouldn’t normally be given read access to other user’s files, and maybe also excluded from reading certain administrator files (like
/etc/shadow that contains the passwords). You could give Bob the root password, but you don’t want him being able to do everything, just run the backup.
sudo command. This command gives people like Bob certain super user access for particular commands. This was set in a file called
/etc/sudoers In this file you can specify which users and groups have superuser (or su) access for which commands, and if they need to enter their personal password to run these commands. Bob can be given superuser status to run backups, but not to reformat the hard drive.
On MacOS, the root user has no password. No one can log in as root. Instead, certain users are given
sudo access. These are users who you specify as administrators in the System Preference. You are an administrator, you can use sudo. If not, you can’t.
Normally, the way you use sudo is to use sudo followed by the command you want to run. For example:
$ sudo passwd carol #set Carol’s password
All sudo commands are normally logged (this is configurable) and if someone tries something they’re not supposed to do, you get that “Username is not in the sudoers file. This incident will be reported” message. The report is a log file on your computer. It’s not like Tim Cook got an email. Think of it as that permanent record you’re principal talked about in junior high school.
I don’t remember the MacOS default, but I believe you need your password and you must enter a command you’re sudoing on the same line. A blank
sudo command logs you in as superuser — something you don’t usually want. However, you can change this by editing the
/etc/sudoers file. Long time ago, I gave myself the ability to run
sudo without the password and run
sudo without another command.
If your new to the command line, do not use sudo unless you know exactly what you’re doing.
Most Unix and Linux command lines use the BASH shell. Due to copyright issues with GNU, MacOS users zsh. Both are 99% the same. However, there are differences in configurations commands. If you get a Linux book on BASH, it’ll teach you quite a bit about MacOS and zsh programming. You just have to be aware there are some differences. Linux books and BASH books are quite common. MacOS and zsh are harder to find.
Also note the
man command. It’ll tell you in excruciating detail all about the command. Most of it won’t make sense until you get more familiar with Unix, but it’s always helpful. It shows similar commands.