Alex Kaloostian

Apple Certified Master Trainer | Systems Integrator | Video Editor | Motion Graphics Artist

Command Line basics 10 – sudo

Leave a comment

Lesson 10! This is exciting. Ten fingers, ten toes, OS X, ten lords a-leaping… I thought I should do something special for lesson ten. Today were going to learn how to get ULTIMATE COSMIC POWER with just four little letters:


Every Unix system has a user hiding in the shadows, overseeing everything like some all-powerful wizard. This user is sometimes called the superuser, or the god user, but most commonly it’s called root.

The root user can do practically anything on a Unix system: create and delete files, create and delete users, change system settings, even delete the whole system folder! But if you try that little trick, it will be the last trick you do.

Most of the time, on a Mac system you are logged in as a standard user or an administrator. If you’re not sure which you are, have a look at the Users & Groups system preferences (Called Accounts in Snow Leopard and earlier).

You’ll see on the left a list of all the users on your system, the one you’re currently logged in as is at the top, and underneath each user it will say Admin, Standard, or Sharing Only.

An admin can promote and demote other users to/from Admin, as long as they are not currently logged in. For example, FMCAdmin is logged in in the above example. He could promote Joe Public to Admin, but he could not demote himself, because he’s logged in. Another Admin could demote FMCAdmin to standard status, as long as there is always at least one Admin left.

What you don’t see in the system preference, is root. Root is so powerful, it is disabled and hidden by Apple. It can be activated, but its really a bad idea and not necessary, so if you reeeaaaly want to know how, you’ll have to Google it.

The thing is, you will never need to activate the root user, for two reasons. 1: A plain old Admin can do nearly anything you’d ever need to do, and 2: even if you do think you know your stuff, and need to edit a file buried deep inside the system, you can still pretend to be root for 5 minutes without actually having to become root. All you have to do is type sudo.

Here’s an example. If you try opening the contents of this folder deep in the System, with the Finder, you’ll see it’s locked:

And if you try the same thing in the Terminal, it’s still locked:

Lion-Apps:~ fmcadmin$ cd /System/Library/DirectoryServices/DefaultLocalDB/
Lion-Apps:DefaultLocalDB fmcadmin$ ls -l Default/
ls: : Permission denied

Even as an admin, you’re not allowed to look in that folder. BUT, try adding sudo at the beginning of it all:

Lion-Apps:DefaultLocalDB fmcadmin$ sudo ls -l Default/
Password: ****
total 0
drwx------ 10 root wheel 340 Aug 16 2011 aliases
drwx------ 3 root wheel 102 Aug 16 2011 computers
drwx------ 99 root wheel 3366 May 24 13:51 groups
drwx------ 3 root wheel 102 Aug 16 2011 networks
drwx------ 76 root wheel 2584 May 24 13:51 users

See what happened? It asked for your admin password, and then it opened up and listed the folder. That’s sudo power! Standard users and guests can’t use sudo, only Admins. And if you close and re-open the Terminal, you’ll have to type your password again.

Now, I’m not saying you should monkey around in there, I just used that folder as an example. It’s a good rule of thumb that if you can’t access something even as admin, you shouldn’t be messing with it. But once in awhile you’ll have to make a change or move a file and only sudo can get the job done.

Lastly, one more shortcut: if you type a command and you are denied, instead of typing sudo and the whooooole command again, just type

sudo !!

And press return. It will automatically run the previous command again, with sudo. We call that “sudo bang bang”.

Author: alexkaloostian

I'm a video editor, motion graphics designer and Mac IT consultant in the Boston area.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s