Sudo

OPTIONS
    sudo accepts the following command line options:

    -V The -V (version) option causes sudo to print the version number and exit. If the invoking user is already root the -V option will print out a list of the defaults sudo
      was compiled with as well as the machine's local network addresses.

    -l The -l (list) option will list out the allowed (and forbidden) commands for the user on the current host.

    -L The -L (list defaults) option will list out the parameters that may be set in a Defaults line along with a short description for each. This option is useful in conjunc­
      tion with grep(1).

    -h The -h (help) option causes sudo to print a usage message and exit.

    -v If given the -v (validate) option, sudo will update the user's timestamp, prompting for the user's password if necessary. This extends the sudo timeout for another 5
      minutes (or whatever the timeout is set to in sudoers) but does not run a command.

    -k The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch. The next time sudo is run a password will be required. This option
      does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.

    -K The -K (sure kill) option to sudo removes the user's timestamp entirely. Likewise, this option does not require a password.

    -b The -b (background) option tells sudo to run the given command in the background. Note that if you use the -b option you cannot use shell job control to manipulate the
      process.

    -p The -p (prompt) option allows you to override the default password prompt and use a custom one. The following percent (‘%') escapes are supported:

      %u   expanded to the invoking user's login name

      %U   expanded to the login name of the user the command will be run as (defaults to root)

      %h   expanded to the local hostname without the domain name

      %H   expanded to the local hostname including the domain name (on if the machine's hostname is fully qualified or the fqdn sudoers option is set)

      %%   two consecutive % characters are collaped into a single % character

    -c The -c (class) option causes sudo to run the specified command with resources limited by the specified login class. The class argument can be either a class name as
      defined in /etc/login.conf, or a single '-' character. Specifying a class of - indicates that the command should be run restricted by the default login capabilities for
      the user the command is run as. If the class argument specifies an existing user class, the command must be run as root, or the sudo command must be run from a shell
      that is already root. This option is only available on systems with BSD login classes where sudo has been configured with the --with-logincap option.

    -a The -a (authentication type) option causes sudo to use the specified authentication type when validating the user, as allowed by /etc/login.conf. The system administra­
      tor may specify a list of sudo-specific authentication methods by adding an "auth-sudo" entry in /etc/login.conf. This option is only available on systems that support
      BSD authentication where sudo has been configured with the --with-bsdauth option.

    -u The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a username, use #uid.

    -s The -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell as specified in passwd(5).

    -H The -H (HOME) option sets the HOME environment variable to the homedir of the target user (root by default) as specified in passwd(5). By default, sudo does not modify
      HOME.

    -P The -P (preserve group vector) option causes sudo to preserve the user's group vector unaltered. By default, sudo will initialize the group vector to the list of groups
      the target user is in. The real and effective group IDs, however, are still set to match the target user.

    -r The -r (role) option causes the new (SELinux) security context to have the role specified by ROLE.

    -t The -t (type) option causes the new (SELinux) security context to have the have the type (domain) specified by TYPE. If no type is specified, the default type is derived
      from the specified role.

    -S The -S (stdin) option causes sudo to read the password from standard input instead of the terminal device.

    -- The -- flag indicates that sudo should stop processing command line arguments. It is most useful in conjunction with the -s flag.