Linux how to add user to sudoers

How to Add User to Sudoers / Give sudo Privileges in Linux

sudo is a very useful linux utility that can grant root privileges to the non-root users for a limited period of time (before asking for your password again).

Not all users can run sudo by default, only the users who are in the sudo group, or have their username in the sudoers files can execture sudo command. If you are not in sudoers file, this message will pop up:

In this tutorial, I am going to show you how you can grant sudo privileges to a specific user in your system by adding them to the sudoers file, lets get started. Before you proceed with the tutorial, make sure that the user you are logged in as is the root user, or an user that already has root (sudo) privileges.

Also, replace ‘username‘ with the name of your own user (the one that you want to grant sudo privileges to) when executing the commands.

Adding User to the sudo Group

sudo is a group that already has an entry in the sudoers file. Meaning any user belonging to the sudo group can perform root actions as well, this is an easy way to grant yourself sudo rights in Linux.

In a terminal window, type:

usermodadd -aG sudo username

This will add user to the sudo group, allowing them to execute commands with sudo privileges .

If the command outputs “ usermod: group ‘sudo’ does not exist “, you will need to create one.

After that, try running the usermodadd -a -G sudo username command again.

You can verify if you were sucessfully added to to the sudo group by using the command:

Adding User to the sudors File

If you don’t want to add your user to the sudo group, you can directly add an entry for your user in the sudoers file to grant superuser (sudo/root) permissions.

You should not edit the sudoers file (/etc/sudoers) directly. Any errors in this file can lead to a broken system. Instead, you can use the visudo command.

By default, visudo opens the sudoers file in the default Vi editor. Now Vi is not bad but is a tad bit complicated to use.

Instead of Vi, we can also edit the file in Vim (Vi Improved), Nano or any other text editor of our choice.

To do so open a terminal and type:

(Tip: you can replace ‘nano’ with another cli text editor of your choice.)

This will open the sudoers file in nano, which is relatively easy to use than Vi or Vim. Once the file opens, paste this in a new line:

Note: Replace username with the user’s name that you want to grant sudo privileges to.

Troubleshooting

Here are solutions to some common errors & other issues that you can face when following this tutorial.

Error: user is not in the sudoers file.

Check if the user is infact in sudoers file/sudo group by trying to run a command as that user.

If it says user is not in the sudoers file, even after you have added them to sudo group and verified it, open a terminal and type:

Now uncomment this line(remove # from front):

Save the file and your user should have sudo rights.

If you are currently logged in as that user in any session or tty, log out and log back in again. This is needed for the changes to take effect. To check which users are logged in, use the command: users .

Adding Password to a User

To use sudo, a user is required to have a password (unless NOPASSWD is set in sudoers). If you user does not has a password set, you can easily set one using the passwd command. Make sure that you are logged in as root (or a user with sudo privileges), then use the command:

Replace username with your user and press enter. Next, enter and confirm your new password and you are good to go.

Executing sudo commands without password

It is not recommended to disable password for sudo. It is same as having a root account logged in, which completely defeats the purpose of sudo.

However, if you absolutely need to get password-less sudo working, open the sudoes file and change the line:

You do this for a specif user as well by replace ALL at the end of their entry in sudoers with NOPASSWD: ALL . (e.g. username ALL=(ALL) NOPASSWD: ALL )

Источник

How To Add User To Sudoers & Add User To Sudo Group on Ubuntu

The sudo command is the preferred means to handle elevated permissions. In supported versions of Ubuntu, using the sudo command will grant elevated permissions for 15 minutes.

Standard user accounts are restricted from performing sensitive tasks, such as viewing the contents of the /root directory. This prevents the accidental use of commands with massive consequences. It also makes it more difficult for intruders to compromise a system. However, sometimes you need to run an administrative command. Sudo – or Super User Do – grants you privileges to run sensitive tasks.

This simple tutorial will show you how to add a new user on Ubuntu and provide sudo access.

• A system running a supported version of Ubuntu
• Access to a root user account or another account with sudo privileges
• Access to a terminal window/command line (Ctrl–Alt–T)

Note: Linux Sudo Command tutorials also available for CentOS and Debian.

Steps to Add Sudo User on Ubuntu

Step 1: Create New User

1. Log into the system with a root user or an account with sudo privileges.

2. Open a terminal window and add a new user with the command:

The adduser command creates a new user, plus a group and home directory for that user.

You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) Get around it by entering:

3. You can replace newuser with any username you wish. The system will add the new user; then prompt you to enter a password. Enter a great secure password, then retype it to confirm.

4. The system will prompt you to enter additional information about the user. This includes a name, phone numbers, etc. – these fields are optional, and can be skipped by pressing Enter.

Step 2: Add User to Sudo Group

Most Linux systems, including Ubuntu, have a user group for sudo users. To grant the new user elevated privileges, add them to the sudo group.

In a terminal, enter the command:

Replace newuser with the username that you entered in Step 1.

Again, if you get an error, run the command with sudo as follows:

sudo usermod -aG sudo newuser

The -aG option tells the system to append the user to the specified group. (The -a option is only used with G .)

Note: Usermod command is a useful tool for user management. To learn more about its options, refer to our guide How To Use The Usermod Command In Linux.

Step 3: Verify User Belongs to Sudo Group

Enter the following to view the groups a user belongs to:

The system will respond by listing the username and all groups it belongs to, for example: newuser : newuser sudo

Step 4: Verify Sudo Access

Replace newuser with the username you entered in Step 1. Enter your password when prompted. You can run commands as normal, just by typing them.

However, some commands or locations require elevated privileges. If you try to list the contents of the /root directory, you’ll get an access denied error: ls /root

The command can be executed with:

The system will prompt for your password. Use the same password you set in Step 1. You should now see the contents of the /root directory.

Now you know how to add and create a user with sudo privileges on Ubuntu.

Before sudo, users would log in to their systems with full permissions over the entire system with the su command. This was risky as users could be exploited by tricking them into entering malicious commands. These vulnerabilities were solved by limiting account privileges. However, administrators still had to log out of their account and into an admin account to perform routine tasks.

The sudo command in Ubuntu strikes a balance – protecting user accounts from malicious or inadvertent damage while allowing a privileged user to run administrative tasks. To learn more about the difference between these commands, check out Sudo vs. Su.

Источник

How to Add User to Sudoers File or Sudo Group on Ubuntu

Linux requires root or superuser privileges to perform certain tasks. We cannot assign root privileges to every user because these are sensitive tasks. Accidental misuse of root privileges can have severe consequences.

Linux provides sudo access so that normal users can install software, delete files, and perform other tasks that require root access.

In this tutorial, we learn how to add a user to the sudoers file or sudo group in Ubuntu.

Prerequisites

• Any Linux system running Ubuntu flavour
• A user with sudo access or a root user account

What is a Sudoers File or Sudo Group

The sudoers (/etc/sudoers) file is a configuration file that contains sudo privilege users and groups. In this file, you can define the level of privileges for the group and user.

Sudo is a default group in the Ubuntu and other modern Linux distributions. Adding standard users to this group gets elevated privileges. You can add a user to the sudo group while creating a new user or an existing user can also be added.

How to Add Users to the Sudo Group

Sudo members can execute commands as the root user using their own password. The easiest way to grant sudo privileges to a user is to add the user to the group named sudo.

Create New User and Assign Sudo Group

1. Log in as the root user or a user with sudo privileges.

2. Create a new user and add the user to sudo in a single command:

This creates a new user named tom and assign to sudo group, then exits with no message.

3. Set password for the new user:

4. Verify the user tom has sudo access:

From the output, the user is able to list the root folder contents which means the user account has sudo access.

In RHEL, CentOS, and other related distributions, the default sudo privileges group is named wheel .

Adding Existing User to Sudo Group

1. Log in as the root user or a user with sudo privileges.

2. To add an existing user to sudo you can use usermod command:

You can verify checking the root access by listing the files under the root directory.

How to Add User to Sudoers File

The sudoers file contains the users and groups that have sudo privileges. Let’s check how to add a user to this file.

1. Log in as the root user or a user with sudo privileges.

2. Open the sudoers file in edit mode:

You may also create a new file inside /etc/sudoers.d directory to add the rules.

3. Locate the User privilege specification section and add the following line:

foo (ALL:ALL) ALL — This means the user foo has all privileges and is able to run any commands.

%developers ALL=(ALL) ALL — You can add a group to sudo by using %groupname

bob ALL=(ALL) NOPASSWD:/bin/df,/bin/ls — Can restrict sudo user to only specific commands and enable no password.

Check User Has Sudo Access

Here are some methods to check sudo access.

Using Sudo Command

The simplest way to check sudo access is by running any command as sudo and if there is an error, then you do not have sudo access.

Sudo command can also be used to check access for other users.

You can see that the user foo can run all commands on this system.

Check User Groups

We can check the group to which user belongs using the groups command.

As we can see, user tom is part of the sudo group and thus has sudo privileges.

Listing Users in Sudo Group

Another way to check if the user has sudo privileges is to list all the members of the sudo group. For example:

The preceding example shows users that are added to the sudo group but remember it doesn’t show users added in the sudoers file.

Remove User from Sudo Group

You can simply run the following command to remove a user from sudo group:

Now the user bob no longer has any sudo privileges. If you added sudo users through the sudoers file then has to be manually removed from that file.

Conclusion

In this tutorial, we learned how to add a user to sudoers file or sudo group on Ubuntu.

Now you can allow authorized users to run root commands. At the same time, you can prevent unauthorized users from causing any damage to your system.

If this resource helped you, let us know your care by a Thanks Tweet. Tweet a thanks

Источник