- How do I add a user to the «sudo» group?
- Linux allow sudo to user
- About Administrative Access on Oracle Linux
- Using the sudo Command
- Using the visudo Command
- Adding User Authorizations in the sudoers.d Directory
- Adding User Authorizations in the sudoers File
- Using Groups to Manage User Authorizations
- How to give a Linux user sudo access? [closed]
- 3 Answers 3
How do I add a user to the «sudo» group?
The a is very important. Without it they’ll be removed from all other groups. You will need to either restart your shell/terminal or log out and back in for this to take effect.
@Teifi, that means you probably don’t have sudo installed or, for some weird reason, it’s not in your path. What happens when you run which sudo ?
New terminals were not enough. Ended up rebooting for another reason and now it works. Probably log-out/in.
I know a is for append, but i think it will be more usefull to have append as default behavior. Creating an alias is easy so that will be the way to have groupadd group then just append it. I did the command without -a once today as i didn’t remember the -a argument.
Although this is an Ubuntu forum, For CentOS I had to do sudo usermod -aG sudo
You can either use the user management GUI for it (same place where you create users), or use sudo adduser sudo in the command line.
This is also referred to in the ubuntu documentation on RootSudo albeit they refer to the admin group instead of the sudo group
You can also use a graphical interface. Click on the gear on the top right of the panel, then select «System Settings» and then «User Accounts»
You need to click the little unlock button to be able to edit things in this window. Then click on the person’s account and select the proper dropdown for «Account Type»
I have Ubuntu 10.10 but my graphic interface is someway locked. It opens but I when buttons are pressed nothing happens. I suppose is something related to the privileges (I’m actually sudoer). How can I solve this issue?
Nice animation! I’d like to do such a gif animation to show new features of my web app ? I’m on Lubuntu 16.04.
Its really simple if you are using Unity as your desktop environment.
If you have created a user already then you can simply change it from Standard to Administrator, else make sure that you selected Administrator when creating a new one.
Don’t forget to unlock before trying to change it
I am late to the party, but this answer might help someone that uses Ubuntu inside a Docker container.
I recently created a Docker container based on Ubuntu 16.04.1.
By default, the Docker Ubuntu image is a stripped down version of Ubuntu, which does not have a vast majority of common tools including sudo .
Besides, by default, the user is logged in to the Docker container as root.
Therefore, I started the container with the docker run command, and installed the ‘sudo’ package:
root@default:/# apt-get install sudo
Running the command adduser myuser sudo reported error adduser: The user ‘myuser’ does not exist. . After reading this answer, I first ran the command to create the user:
root@default:/# adduser myuser
Then ran the following command:
root@default:/# adduser myuser sudo Adding user `myuser' to group `sudo' . Adding user myuser to group sudo Done.
The user myuser was successfully added to the sudo group.
Linux allow sudo to user
In Oracle Linux, only administrators can perform privileged tasks on the system.
To grant users additional privileges, an administrator can use the visudo command to either create a new configuration file in the /etc/sudoers.d directory or modify the /etc/sudoers file.
Privileges that an administrator assigns by using configuration files in the /etc/sudoers.d directory are preserved between system upgrades and skipped automatically by the sudo command if they are invalid. Administrators can also change file ownership and permissions for each configuration file. For more information, see Adding User Authorizations in the sudoers.d Directory.
Alternatively, an administrator can assign privileges directly in the /etc/sudoers file by using the visudo command. For more information, see Adding User Authorizations in the sudoers File.
About Administrative Access on Oracle Linux
By default, any user can elevate to a root shell by running the su command and provide the root user password:
Any user can also perform single administrative tasks in the same shell, but those commands cannot be executed until that user provides the root user password:
Elevating to a root shell by using the su command can work well for single user environments and workstations because only one person needs to administer the system and know the root user password. However, that does not scale well for shared systems with multiple users and administrators that require varying levels of access.
Oracle strongly recommends against sharing your root user password with anyone else or allowing remote users to sign in as the root user, both of which constitute poor and highly risky security practice.
The sudo command is better suited for shared systems because any user can supply their own credentials when they elevate to a root shell:
Users can subsequently terminate their root shell in the same way they would have if they had elevated directly with the su command and provided the root user password:
In addition, users can run the sudo command to perform single administrative tasks with elevated permissions:
For more information, see the su(1) , sudo(8) and sudoers(5) manual pages.
You can optionally disable the root user during the Oracle Linux 8 installation process and grant sudo administrator privileges to the first user. For more information, see Oracle Linux 8: Installing Oracle Linux.
Using the sudo Command
If your user has been granted sudo access then you can run administrative commands with elevated privileges:
Depending on your sudoer configuration, you may also be prompted for a password.
In some situations, you may have set environment variables that you want to reuse or preserve while running elevated commands, and you can do so by using the -E option.
For example, you may have connected your Oracle Linux system to an enterprise intranet or virtual private network (VPN) for which you also need proxy settings for outbound Internet access.
The environment variables on which terminal commands rely for proxy access are http_proxy , https_proxy and no_proxy , and you can set them in your ~/.bashrc configuration file:
export http_proxy=http://example.com export https_proxy=https://example.com export no_proxy=localhost,127.0.0.1
Run the source command to refresh your environment variables without signing out:
You can now safely pass those proxy settings to elevated commands. For example, to run the curl command with administrative privileges:
sudo -E curl https://docs.oracle.com
An administrator can optionally set system-wide proxy environment variables by configuring them in a shell script and then saving that file in the /etc/profile.d/ directory.
You can also use sudo access to start an elevated root shell. The -s option elevates your user to a root shell as the root user and the -i option to elevates your user to a root shell while preserving your user profile and shell configuration:
When you have finished running administrative commands, terminate the root shell and return to your usual privilege level by using the exit command.
For more information about configuring network settings, see Oracle Linux 8: Setting Up Networking.
Using the visudo Command
To edit the /etc/sudoers file in the vi text editor without risking any change conflicts from other users on the system, use the visudo command:
To learn more about how to configure the the /etc/sudoers file, see Adding User Authorizations in the sudoers File and the visudo(8) manual page.
Administrators can also use the visudo command to manage permission files for individual users in the /etc/sudoers.d/ directory. For more information, see Adding User Authorizations in the sudoers.d Directory.
Adding User Authorizations in the sudoers.d Directory
To set privileges for a specific user, add a file for them in the /etc/sudoers.d directory. For example, to set sudo permissions for the user alice :
sudo visudo -f /etc/sudoers.d/alice
You can append permissions to /etc/sudoers.d/alice in the following format:
username is the name of the user, hostname is the name of any hosts for which you are defining permissions, and command is the permitted command with full executable path and options. If you do not specify options, then the user can run the command with full options.
For example, to grant the user alice permission to install packages with the sudo dnf command on all hosts:
You can also add several comma separated commands on the same line. To allow the user alice to run both the sudo dnf and sudo yum commands on all hosts:
alice ALL = /usr/bin/dnf, /usr/bin/yum
The alice user still needs to use sudo when they run privileged commands:
Adding User Authorizations in the sudoers File
To set user privileges directly in the /etc/sudoers file, run the visudo command without specifying a file location:
You can append permissions to the /etc/sudoers file in exactly the same format that you would if you were adding those permissions to user files in the /etc/sudoers.d/ directory.
In both cases, you can use aliases to permit broader permission categories instead of specifying each command individually. The ALL alias functions as a wildcard for all permissions, so to set the user bob to have sudo permission for all commands on all hosts:
Additional aliased categories are listed in the /etc/sudoers file and the sudoers(5) manual page. You can create your own aliases in the following format:
Cmnd_Alias ALIAS = command
In addition, you can also add several comma separated aliases on the same line. For example, to grant the user alice permission to manage system services and software packages:
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable alice ALL= SERVICES, SOFTWARE
Both users still need to use sudo when they run privileged commands:
sudo systemctl restart service
Using Groups to Manage User Authorizations
Instead of specifying different levels of sudo access for each individual user you can optionally manage sudo access at group level by adding the % symbol to the group name.
For example, to define permissions for an existing group called example in the /etc/sudoers.d/ directory and then add the user alice to that group:
- Create the /etc/sudoers.d/example file by using the visudo command:
sudo visudo /etc/sudoers.d/example
%example ALL= SERVICES, SOFTWARE
sudo usermod -aG example alice
Alternatively, you can set group permissions directly in the /etc/sudoers file. For example, to grant the user bob full sudo access on all hosts, enable the existing group wheel , and then add the user bob to it:
- Open the /etc/sudoers file by using the visudo command:
sudo usermod -aG wheel bob
How to give a Linux user sudo access? [closed]
If you like to reopen the question you should provide additional details that qualify it as a valid according the rules in the help center.
3 Answers 3
You need run visudo and in the editor that it opens write:
That line grants all permissions to user igor .
If you want permit to run only some commands, you need to list them in the line:
igor ALL=(ALL) /bin/kill, /bin/ps
What would be the reason if one carried out the above, but the user (in this case igor ) still did not have full sudo access (ie. can issue sudo ls but not sudo mount -a )?
@puk it depends on the commands that you listed in /etc/sudoers; when you wrote ALL , user can run all commands
This answer will do what you need, although usually you don’t add specific usernames to sudoers . Instead, you have a group of sudoers and just add your user to that group when needed. This way you don’t need to use visudo more than once when giving sudo permission to users.
If you’re on Ubuntu, the group is most probably already set up and called admin :
$ sudo cat /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. #
# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d
On other distributions, like Arch and some others, it’s usually called wheel and you may need to set it up: Arch Wiki
To give users in the wheel group full root privileges when they precede a command with «sudo», uncomment the following line: %wheel ALL=(ALL) ALL
Also note that on most systems visudo will read the EDITOR environment variable or default to using vi . So you can try to do EDITOR=vim visudo to use vim as the editor.
To add a user to the group you should run (as root):
# usermod -a -G groupname username
where groupname is your group (say, admin or wheel ) and username is the username (say, john ).