Running sudo commands while not in the admin account

I use a non admin log in most of the time while I learn, code and game. I have tried unsuccessfully to find information about this on DDG and google.

Sometimes I run into some command which requires sudo privileges. I do not know how to give myself temporary sudo privileges so I can run the command then step the privilege back down to a normal user. Is that possible?

It seems people get mad if I don’t include this so here is my inxi. If anything else is needed to answer this question just let me know. Thanks for helping.

System:
  Kernel: 5.14.10-1-MANJARO x86_64 bits: 64 compiler: gcc v: 11.1.0
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.14-x86_64
  root=UUID=532a2a90-7d4c-4de6-9edb-f10b70a99eea ro quiet apparmor=1
  security=apparmor udev.log_priority=3
  Desktop: KDE Plasma 5.22.5 tk: Qt 5.15.2 wm: kwin_x11 vt: 1
  dm: GDM 40.1, SDDM Distro: Manjaro Linux base: Arch Linux
Machine:
  Type: Desktop Mobo: ASRock model: X570 Phantom Gaming 4 serial: <filter>
  UEFI: American Megatrends v: P3.90 date: 01/26/2021
Battery:
  Message: No system battery data found. Is one present?
Memory:
  RAM: total: 15.55 GiB used: 1.83 GiB (11.8%)
  RAM Report: permissions: Unable to run dmidecode. Root privileges required.
CPU:
  Info: 8-Core model: AMD Ryzen 7 5800X bits: 64 type: MT MCP arch: Zen 3
  family: 19 (25) model-id: 21 (33) stepping: 0 microcode: A201009 cache:
  L2: 4 MiB bogomips: 121417
  Speed: 2868 MHz min/max: 2200/3800 MHz boost: enabled Core speeds (MHz):
  1: 2868 2: 2869 3: 4259 4: 3213 5: 2874 6: 2871 7: 2873 8: 2921 9: 3590
  10: 2869 11: 2870 12: 2865 13: 2867 14: 2269 15: 3582 16: 2327
  Flags: 3dnowprefetch abm adx aes aperfmperf apic arat avic avx avx2 bmi1
  bmi2 bpext cat_l3 cdp_l3 clflush clflushopt clwb clzero cmov cmp_legacy
  constant_tsc cpb cpuid cqm cqm_llc cqm_mbm_local cqm_mbm_total cqm_occup_llc
  cr8_legacy cx16 cx8 de decodeassists erms extapic extd_apicid f16c
  flushbyasid fma fpu fsgsbase fsrm fxsr fxsr_opt ht hw_pstate ibpb ibrs ibs
  invpcid irperf lahf_lm lbrv lm mba mca mce misalignsse mmx mmxext monitor
  movbe msr mtrr mwaitx nonstop_tsc nopl npt nrip_save nx ospke osvw
  overflow_recov pae pat pausefilter pclmulqdq pdpe1gb perfctr_core
  perfctr_llc perfctr_nb pfthreshold pge pku pni popcnt pse pse36 rapl rdpid
  rdpru rdrand rdseed rdt_a rdtscp rep_good sep sha_ni skinit smap smca smep
  ssbd sse sse2 sse4_1 sse4_2 sse4a ssse3 stibp succor svm svm_lock syscall
  tce topoext tsc tsc_scale umip v_spec_ctrl v_vmsave_vmload vaes vgif
  vmcb_clean vme vmmcall vpclmulqdq wbnoinvd wdt xgetbv1 xsave xsavec
  xsaveerptr xsaveopt xsaves
  Vulnerabilities: Type: itlb_multihit status: Not affected
  Type: l1tf status: Not affected
  Type: mds status: Not affected
  Type: meltdown status: Not affected
  Type: spec_store_bypass
  mitigation: Speculative Store Bypass disabled via prctl and seccomp
  Type: spectre_v1
  mitigation: usercopy/swapgs barriers and __user pointer sanitization
  Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: conditional, IBRS_FW,
  STIBP: always-on, RSB filling
  Type: srbds status: Not affected
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: NVIDIA GA104 [GeForce RTX 3070] vendor: Micro-Star MSI
  driver: nvidia v: 470.63.01 alternate: nouveau,nvidia_drm bus-ID: 09:00.0
  chip-ID: 10de:2484 class-ID: 0300
  Device-2: Sunplus Innovation Webcam type: USB driver: snd-usb-audio,uvcvideo
  bus-ID: 3-6:4 chip-ID: 1bcf:2cb4 class-ID: 0102 serial: <filter>
  Display: x11 server: X.Org 1.20.13 compositor: kwin_x11 driver:
  loaded: nvidia display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 101 s-size: 483x272mm (19.0x10.7")
  s-diag: 554mm (21.8")
  Monitor-1: HDMI-0 res: 1920x1080 hz: 75 dpi: 102
  size: 476x268mm (18.7x10.6") diag: 546mm (21.5")
  OpenGL: renderer: NVIDIA GeForce RTX 3070/PCIe/SSE2
  v: 4.6.0 NVIDIA 470.63.01 direct render: Yes
Audio:
  Device-1: NVIDIA GA104 High Definition Audio vendor: Micro-Star MSI
  driver: snd_hda_intel v: kernel bus-ID: 09:00.1 chip-ID: 10de:228b
  class-ID: 0403
  Device-2: AMD Starship/Matisse HD Audio vendor: ASRock driver: snd_hda_intel
  v: kernel bus-ID: 0b:00.4 chip-ID: 1022:1487 class-ID: 0403
  Device-3: Sunplus Innovation Webcam type: USB driver: snd-usb-audio,uvcvideo
  bus-ID: 3-6:4 chip-ID: 1bcf:2cb4 class-ID: 0102 serial: <filter>
  Sound Server-1: ALSA v: k5.14.10-1-MANJARO running: yes
  Sound Server-2: JACK v: 1.9.19 running: no
  Sound Server-3: PulseAudio v: 15.0 running: yes
  Sound Server-4: PipeWire v: 0.3.38 running: no
Network:
  Device-1: Realtek RTL8812AE 802.11ac PCIe Wireless Network Adapter
  driver: rtl8821ae v: kernel port: e000 bus-ID: 04:00.0 chip-ID: 10ec:8812
  class-ID: 0280
  IF: wlp4s0 state: up mac: <filter>
  IP v4: <filter> type: dynamic noprefixroute scope: global
  broadcast: <filter>
  IP v6: <filter> type: dynamic noprefixroute scope: global
  IP v6: <filter> type: dynamic noprefixroute scope: global
  IP v6: <filter> type: noprefixroute scope: link
  Device-2: Intel I211 Gigabit Network vendor: ASRock driver: igb v: kernel
  port: d000 bus-ID: 05:00.0 chip-ID: 8086:1539 class-ID: 0200
  IF: enp5s0 state: down mac: <filter>
  WAN IP: <filter>
Bluetooth:
  Device-1: ASUSTek ASUS USB-BT500 type: USB driver: btusb v: 0.8
  bus-ID: 3-1:2 chip-ID: 0b05:190e class-ID: e001 serial: <filter>
  Report: rfkill ID: hci0 rfk-id: 1 state: up address: see --recommends
Logical:
  Message: No logical block device data found.
RAID:
  Message: No RAID data found.
Drives:
  Local Storage: total: 931.51 GiB used: 596.14 GiB (64.0%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Seagate
  model: FireCuda 520 SSD ZP1000GM30002 size: 931.51 GiB block-size:
  physical: 512 B logical: 512 B speed: 63.2 Gb/s lanes: 4 type: SSD
  serial: <filter> rev: STNSC014 temp: 34.9 C scheme: GPT
  Message: No optical or floppy data found.
Partition:
  ID-1: / raw-size: 453.91 GiB size: 445.78 GiB (98.21%)
  used: 200.92 GiB (45.1%) fs: ext4 dev: /dev/nvme0n1p4 maj-min: 259:4
  label: N/A uuid: 532a2a90-7d4c-4de6-9edb-f10b70a99eea
  ID-2: /boot/efi raw-size: 100 MiB size: 96 MiB (96.00%)
  used: 27.6 MiB (28.8%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
  label: SYSTEM uuid: 36AB-309B
  ID-3: /run/media/justin/Windows raw-size: 476.61 GiB
  size: 476.61 GiB (100.00%) used: 395.19 GiB (82.9%) fs: ntfs
  dev: /dev/nvme0n1p3 maj-min: 259:3 label: Windows uuid: EE14AC8914AC567D
Swap:
  Alert: No swap data was found.
Unmounted:
  ID-1: /dev/nvme0n1p2 maj-min: 259:2 size: 16 MiB fs: <superuser required>
  label: N/A uuid: N/A
  ID-2: /dev/nvme0n1p5 maj-min: 259:5 size: 900 MiB fs: ntfs label: Recovery
  uuid: AE86ACDD86ACA6F5
USB:
  Hub-1: 1-0:1 info: Full speed (or root) Hub ports: 6 rev: 2.0
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900
  Device-1: 1-1:2 info: China Resource Semico USB Keyboard
  type: Keyboard,Mouse driver: hid-generic,usbhid interfaces: 2 rev: 1.1
  speed: 1.5 Mb/s power: 500mA chip-ID: 1a2c:4c5e class-ID: 0301
  Device-2: 1-2:3 info: [Maxxter] Optical gaming mouse type: Mouse,Keyboard
  driver: hid-generic,usbhid interfaces: 2 rev: 1.1 speed: 1.5 Mb/s
  power: 100mA chip-ID: 18f8:0f99 class-ID: 0300
  Hub-2: 2-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 speed: 10 Gb/s
  chip-ID: 1d6b:0003 class-ID: 0900
  Hub-3: 3-0:1 info: Full speed (or root) Hub ports: 6 rev: 2.0
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900
  Device-1: 3-1:2 info: ASUSTek ASUS USB-BT500 type: Bluetooth driver: btusb
  interfaces: 2 rev: 1.1 speed: 12 Mb/s power: 500mA chip-ID: 0b05:190e
  class-ID: e001 serial: <filter>
  Device-2: 3-5:3 info: Cyber Power System PR1500LCDRT2U UPS type: HID
  driver: hid-generic,usbhid interfaces: 1 rev: 2.0 speed: 12 Mb/s power: 2mA
  chip-ID: 0764:0601 class-ID: 0300 serial: <filter>
  Device-3: 3-6:4 info: Sunplus Innovation Webcam type: Video,Audio
  driver: snd-usb-audio,uvcvideo interfaces: 4 rev: 2.0 speed: 480 Mb/s
  power: 500mA chip-ID: 1bcf:2cb4 class-ID: 0102 serial: <filter>
  Hub-4: 4-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 speed: 10 Gb/s
  chip-ID: 1d6b:0003 class-ID: 0900
  Hub-5: 5-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900
  Hub-6: 6-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.1 speed: 10 Gb/s
  chip-ID: 1d6b:0003 class-ID: 0900
Sensors:
  System Temperatures: cpu: 37.9 C mobo: N/A gpu: nvidia temp: 37 C
  Fan Speeds (RPM): N/A gpu: nvidia fan: 0%
Info:
  Processes: 275 Uptime: 14m wakeups: 0 Init: systemd v: 249 tool: systemctl
  Compilers: gcc: 11.1.0 Packages: 1468 pacman: 1461 lib: 425 flatpak: 0
  snap: 7 Shell: Bash v: 5.1.8 running-in: yakuake inxi: 3.3.08

Not in the sense as you are wording it, but what very few people seem to realize is that sudo was actually intended for role-based access control. In other words, you can set up sudo so that it behaves differently for different users, and as such you can also limit the privileges that any particular user gets when using sudo.

The most logical approach to your problem would then be to grant the user account that you log into the most sudo access to only those system administration tasks that said user has to be able to invoke.

Of course, you have not told us what specific sysadmin privileges that particular user account would need access to, because chances are that said account doesn’t even need sudo access, given that all too many people are gratuitously modifying things under root-owned directories, as opposed to in their own home directory.

Another approach would be to log into the account that does have sudo privileges ─ or even the root account, if you haven’t deactivated that ─ at a tty while at the same time using the unprivileged account in the GUI, and then switching back and forth between them.

UNIX is a genuine multiuser platform, so it was designed to offer concurrent access to multiple logged-in accounts.

1 Like

@Aragorn
Thank you for your response. Interesting. It sounds like both an answer to what I am looking for, but also a requirement to learn more. I keep bumping up against that particular barrier. Any particular reading you would recommend around users and privileges for Linux or Arch? I am usually overwhelmed with sources to read and I don’t always find the info I am seeking, so any suggestion is helpful.

want this ?

sudo /root/     # ok
sudo -k
ls /root/      # error

ps: inxi … no thanks :rofl:

As you asked :wink: Sudo - ArchWiki

1 Like

And ─ just so as to toot my own horn :stuck_out_tongue: ─ there’s also this…: :arrow_down:

2 Likes