sudo lets you run commands as the administrator (root user) on your Mac.

When you type sudo before a command, your Mac asks for your password. After you enter it, the command runs with full system privileges.

sudo some-command

That's it. You're temporarily borrowing admin power for one command.

When You Need sudo

You need sudo when you're doing something that affects the whole system, not just your personal files:

  • Installing software globally (like Homebrew packages that go in /usr/local)
  • Editing system configuration files (like /etc/hosts)
  • Changing permissions on protected files
  • Managing system services
  • Anything outside your home folder that requires write access

If you try one of these without sudo and get "permission denied," that's your Mac telling you to use sudo.

When You Don't Need sudo

Don't use sudo for:

  • Anything in your home folder (~)
  • Running normal applications
  • Reading files (you can read most things without admin privileges)
  • Basic navigation (cd, ls, pwd)
  • Creating files in your own directories

If a command works without sudo, don't add it. Using sudo when you don't need it can create files owned by root in places they shouldn't be, causing problems later.

What Happens When You Use sudo

  1. You type sudo followed by your command
  2. Terminal asks for your password
  3. You type your password (no characters appear - that's normal)
  4. The command runs with administrator privileges
  5. sudo remembers your password for a few minutes, so you don't have to retype it immediately

Example:

sudo nano /etc/hosts

This opens the system hosts file for editing. Without sudo, you could read it but not save changes.

The Password Thing

When you type your password after sudo, you won't see any characters, dots, or asterisks. The cursor just sits there.

This isn't broken. It's a security feature. Type your password and press Enter.

If you mistype it, you'll get a "Sorry, try again" message. You get three attempts before sudo gives up.

The Root User

sudo stands for "superuser do." The superuser (also called root) is the administrator account that can do anything on your Mac.

Your normal user account has limits. Root doesn't. That's why sudo asks for your password - it's a checkpoint to make sure you really want to do this.

On most Macs, the root account is disabled by default. You access it through sudo instead of logging in as root directly. This is safer.

Common sudo Commands

Edit the hosts file:

sudo nano /etc/hosts

Install something with Homebrew that needs admin access:

sudo brew services start mysql

Change ownership of a file:

sudo chown \$(whoami) /some/file

View a protected log file:

sudo cat /var/log/system.log

Flush the DNS cache:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

The Danger of sudo

sudo gives you power to break things. With great power comes the ability to delete important files, modify system settings incorrectly, or mess up your Mac.

Never run a command with sudo if you don't understand what it does.

The classic bad command is sudo rm -rf / - this tries to delete everything on your computer. Modern macOS blocks this specific command, but the principle applies to others.

Before running anything with sudo:

  1. Read the command carefully
  2. Understand what each part does
  3. If you found it online, make sure it's from a trusted source

"sudo: command not found"

If you see this error:

sudo: command not found: something

The issue isn't with sudo. It's that the command you're trying to run doesn't exist. Check your spelling and make sure the program is installed.

Running Multiple Commands as sudo

If you need to run several commands with admin privileges, you can start a root shell:

sudo -s

Now every command you type has root privileges until you type exit.

Be very careful in this mode. It's easy to forget you're root and do something destructive.

A safer option is to just type sudo before each command that needs it.

sudo with Environment Variables

Sometimes sudo doesn't inherit your normal environment (like your PATH). If a command works normally but fails with sudo, try:

sudo -E your-command

The -E flag preserves your environment variables.

The Bottom Line

sudo is a tool for doing admin tasks. Use it when you need it, skip it when you don't.

The instinct to add sudo to everything is wrong. If you need it constantly, something else might be misconfigured.

Keep Learning

Understanding when to use sudo is part of understanding how Mac permissions work. There's more to learn about users, groups, and file permissions.

For a complete foundation, check out the free course at Mac Terminal for Humans.