If you’re looking to grant a user sudo privileges, there are two methods you can use. The first method involves adding the user to the sudoers file, which contains information about which users and groups have sudo access and at what level. The second option is to add the user to the sudo group specified in the sudoers file. By default, on Debian-based distributions like Ubuntu and Linux Mint, members of the “
sudo” group have sudo access. Learn how to grant sudo privileges using these two methods in this article.
Adding User to the sudo Group
Adding a user to the “sudo” group is the simplest method to grant
sudo privileges on Ubuntu. Once added, members of this group can run any command as root through
sudo, and they will be prompted to authenticate themselves with their password.
It is presumed that the user already exists. If you intend to establish a new user, please refer to this guide.
As an administrator or another user with sudo privileges, execute the command provided below to include the desired user in the group. Ensure that you replace “username” with the actual name of the user for whom you want to authorize access.
usermod -aG sudo username
This approach to granting sudo access is typically satisfactory for the majority of scenarios.
Execute the “
whoami” command to verify that the user has sudo privileges:
Upon being prompted, you will need to input the password. In the event that the user has sudo privileges, the command shall output the term “root”:
In the event of encountering an error message that reads “user is not in the sudoers file,” it signifies that the user lacks the necessary sudo privileges.
Adding User to the sudoers File
To define the sudo privileges of users and groups, you need to modify the
/etc/sudoers file. By adding a user to this file, you can grant personalized access to commands and establish specific security policies.
Modifying the sudoers file or creating a new configuration file in the
/etc/sudoers.d directory are two ways to configure a user’s sudo access. The contents of the files located in the
/etc/sudoers.d directory are included in the sudoers file.
To avoid losing sudo access, it’s important to utilize
visudo when modifying the
/etc/sudoers file. This command not only allows for syntax error checking upon saving but also prevents the file from being saved in the event of an error. Opening the file with a text editor instead of using
visudo can result in a syntax error and loss of sudo access.
visudo employs vim to launch the
/etc/sudoers file. However, if you lack proficiency with vim and prefer to modify the file using nano, you can modify the default editor by executing the following command:
Suppose you intend to enable the user to execute sudo commands without prompting for a password. In that case, you can accomplish this by accessing the
Add the following line to the bottom of the file by scrolling down:
username ALL=(ALL) NOPASSWD:ALL
Remember to substitute the desired username before saving the file and exiting the editor, ensuring that access is granted to the correct user.
A common illustration involves restricting a user’s
sudo privileges to only certain commands. To illustrate, granting permission solely for executing
rmdir commands can be achieved through the following method:
username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
An alternative approach to editing the sudoers file is to create a fresh file containing the authorization rules in the
/etc/sudoers.d directory. The procedure is identical to adding a rule to the sudoers file:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
By following this approach, the administration of sudo privileges becomes easier to maintain. Although the filename itself is not significant, it is customary to name the file after the corresponding username.
Adding a user to the “sudo” group is a straightforward process for granting sudo access in Ubuntu. If you have any queries, please don’t hesitate to ask by leaving a comment.