The sudo command in Linux allows you to run all those commands which require root privileges. Without root privileges, a normal user is very limited in what they can do in Linux.
But, practically you cannot give every user all privileges to do whatever they want to do with a system.
However, there are some users whom you want to assign root privileges to perform all or a limited number of duties.
The sudo command lets you do this by allowing a user to run all or a specific set of commands as a root user.
Here at LinuxAPT, as part of our Server management Services, we regularly help our Customers to perform related Sudoers queries.
In this context, we shall look into how to add a user to sudoers (list of users who can run sudo commands) on Ubuntu with a few examples.
If you are interested in how to add a new user in Linux, visit our post on How to Add and Remove Users on Ubuntu 20.04 .
Note that you can use the same procedures on other Linux distributions that use sudo.
How to Check If a User Has Sudo Rights ?
To find out if a user has sudo rights, you will need to check if it is a part of the group "sudo". You can check it using the command below in the Terminal:
$ groups <username>If the user has sudo rights, you will see the "sudo" group in the output.
For instance, to check if a user named "linuxapt" has sudo access, the command would be:
$ groups linuxaptThe output will display that the user "linuxapt" is a member of sudo groups and therefore has sudo privileges.
How to Add a User to Sudoers on Ubuntu ?
There are different methods to add a user to sudoers on Ubuntu. Remember, you will need to run the commands described here as a root or sudo.
1. By Adding User to the sudo group (Command Line)
To add a user to sudoers and assign it sudo privileges, use the usermod command as follows:
$ sudo usermod -aG sudo usernameThis command will add user to a group named "sudo".
The members of sudo group are allowed to run the sudo commands.
For instance, to add a user named "linuxapt" to sudoers, the command would be:
$ sudo usermod -aG sudo linuxaptEnter the sudo password, after which the user will be added to the sudo group.
To confirm the user is now in the sudoers, issue the command below:
$ groups <username>The groups command tells which groups a user belongs to .
In our scenario, the command would be:
$ groups linuxaptIn the output, you should see the sudo group.
Now the user will be allowed to run the sudo commands, like the "sudo apt update" command.
2. By Adding User to the Sudoers File (Command Line)
Another method to assign sudo access is by adding the user to the sudoers file.
You can edit the sudoers file as follows:
$ sudo visudoEnter your password. Now scroll down the bottom of the file and add an entry in the following format:
username ALL=(ALL) NOPASSWD:ALLFor instance, we want to add a user named "linuxapt" to sudoers.
For this purpose, we have appended the below entry in the sudoers file:
linuxapt ALL=(ALL) NOPASSWD:ALLOnce done, save and close the sudoers file. Now the user will be allowed to run all commands as sudo.
After editing the sudoers file, you can check if its syntax is correct. Execute the below command to do so:
$ sudo visudo -cTo confirm the user is now in the sudoers, run the command below:
$ groups <username>You should see the sudo group in the output.
How to Limit Root Access with Sudo ?
In certain scenarios, there is a requirement for users to perform a certain task that needs root privileges.
However, it is not reasonable to assign them all privileges.
With sudo, you can limit the root access to commands they can use.
For instance, you want a user named "linuxapt" to give access only to the "useradd" and "adduser" command.
In this case, edit the sudoers file using the command below:
$ sudo visudoThen scroll down the file and add the below entry:
linuxapt ALL=(ALL) NOPASSWD: /usr/sbin/useradd,/usr/sbin/adduserSave the sudoers file and exit.
Now the user "linuxapt" will be able to use only useradd and adduser commands.
However, if "linuxapt" attempts to run any other sudo command, it will be refused.
3. By Changing Account Type to Administrator (GUI)
There is another way through which you can add a user to sudoers from the graphical user interface.
Here are the steps to do so:
1. Open the Settings utility by right-clicking the desktop and choosing Settings from the menu.
2. Then from the Settings window, select the Users tab. Then unlock the user settings by clicking the Unlock button.
3. Now enter your password for authentication and click Authenticate.
4. Now select the user to whom you want to give sudo access. Then under the user Account Settings, switch the toggle button in front of Administrator to on state.
By doing so, the user will be added to the sudo group and it will be able to use all the sudo commands.
How to Remove User from Sudoers ?
To remove a user from sudoers, use the following command:
$ sudo gpasswd -d <username> sudoThis command will remove the specified user from the sudo group and hence it will no longer be able to run the commands as a root user.
To confirm if the user has been removed from the sudoers, run the command below:
$ groups <username>There should be no "sudo" group in the output.
[Need urgent assistance in fixing Ubuntu Linux errors? We are available to help you. ]
Conclusion
This article covers how to add a user to sudoers using different methods, limit root access with sudo and remove a user from sudoers.
Sudo is a very handy tool for system administrators that allow them to provide root access to a user with granularity.
Steps to Add Sudo User on Ubuntu ?
1. Log into the system with a root user or an account with sudo privileges.
2. Open a terminal window and add a new user with the command:
# adduser newuserThe adduser command creates a new user, plus a group and home directory for that user.
You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) Get around it by entering:
# sudo adduser newuser3. You can replace newuser with any username you wish. The system will add the new user; then prompt you to enter a password. Enter a great secure password, then retype it to confirm.
To Add User to Sudo Group:
1. In a terminal, enter the command:
# usermod -aG sudo newuserReplace newuser with the username that you entered in Step 1.
Again, if you get an error, run the command with sudo as follows:
# sudo usermod -aG sudo newuserThe -aG option tells the system to append the user to the specified group. (The -a option is only used with G).
This article covers how to add a user to sudoers using different methods, limit root access with sudo and remove a user from sudoers.
Sudo is a very handy tool for system administrators that allow them to provide root access to a user with granularity.
Steps to Add Sudo User on Ubuntu ?
1. Log into the system with a root user or an account with sudo privileges.
2. Open a terminal window and add a new user with the command:
# adduser newuserThe adduser command creates a new user, plus a group and home directory for that user.
You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) Get around it by entering:
# sudo adduser newuser3. You can replace newuser with any username you wish. The system will add the new user; then prompt you to enter a password. Enter a great secure password, then retype it to confirm.
To Add User to Sudo Group:
1. In a terminal, enter the command:
# usermod -aG sudo newuserReplace newuser with the username that you entered in Step 1.
Again, if you get an error, run the command with sudo as follows:
# sudo usermod -aG sudo newuserThe -aG option tells the system to append the user to the specified group. (The -a option is only used with G).
