How to Add User to Sudoers File or Sudo Group on Ubuntu

Last updated: March 13, 2024 | Linuxopsys

Linux requires root or superuser privileges to perform certain tasks. We cannot assign root privileges to every user because these are sensitive tasks. Accidental misuse of root privileges can have severe consequences.

Linux provides sudo access so that normal users can install software, delete files, and perform other tasks that require root access.

In this tutorial, we learn how to add a user to the sudoers file or sudo group in Ubuntu.

Prerequisites

  • Any Linux system running Ubuntu flavour
  • A user with sudo access or a root user account

What is a Sudoers File or Sudo Group

The sudoers (/etc/sudoers) file is a configuration file that contains sudo privilege users and groups. In this file, you can define the level of privileges for the group and user.

Sudo is a default group in the Ubuntu and other modern Linux distributions. Adding standard users to this group gets elevated privileges. You can add a user to the sudo group while creating a new user or an existing user can also be added.

How to Add Users to the Sudo Group

Sudo members can execute commands as the root user using their own password. The easiest way to grant sudo privileges to a user is to add the user to the group named sudo.

Create New User and Assign Sudo Group

1. Log in as the root user or a user with sudo privileges.

2. Create a new user and add the user to sudo in a single command:

useradd -G sudo tom
create a new user and add to sudo group

This creates a new user named tom and assign to sudo group, then exits with no message.

3. Set password for the new user:

passwd tom
set password for the new user

4. Verify the user tom has sudo access:

su tom
sudo ls /root
verify sudo access

From the output, the user is able to list the root folder contents which means the user account has sudo access.

In RHEL, CentOS, and other related distributions, the default sudo privileges group is named wheel.

Adding Existing User to Sudo Group

1. Log in as the root user or a user with sudo privileges.

2. To add an existing user to sudo you can use usermod command:

usermod -aG sudo bob
add an existing user to sudo group

You can verify checking the root access by listing the files under the root directory.

How to Add User to Sudoers File

The sudoers file contains the users and groups that have sudo privileges. Let's check how to add a user to this file.

1. Log in as the root user or a user with sudo privileges.

2. Open the sudoers file in edit mode:

vi /etc/sudoers

or

visudo

You may also create a new file inside /etc/sudoers.d directory to add the rules.

3. Locate the User privilege specification section and add the following line:

[username] ALL=(ALL:ALL) ALL
/etc/sudoers file

foo (ALL:ALL) ALL - This means the user foo has all privileges and is able to run any commands.

%developers ALL=(ALL) ALL - You can add a group to sudo by using %groupname

bob ALL=(ALL) NOPASSWD:/bin/df,/bin/ls - Can restrict sudo user to only specific commands and enable no password.

Check User Has Sudo Access

Here are some methods to check sudo access.

Using Sudo Command

The simplest way to check sudo access is by running any command as sudo and if there is an error, then you do not have sudo access.

Sudo command can also be used to check access for other users.

For example:

sudo -l -U foo
check sudo access of a user

You can see that the user foo can run all commands on this system.

Check User Groups

We can check the group to which user belongs using the groups command.

For example:

groups tom
check user groups

As we can see, user tom is part of the sudo group and thus has sudo privileges.

Listing Users in Sudo Group

Another way to check if the user has sudo privileges is to list all the members of the sudo group. For example:

getent group sudo
getent show sudo users


The preceding example shows users that are added to the sudo group but remember it doesn't show users added in the sudoers file.

Remove User from Sudo Group

You can simply run the following command to remove a user from sudo group:

deluser bob sudo
remove a user from sudo group

Now the user bob no longer has any sudo privileges. If you added sudo users through the sudoers file then has to be manually removed from that file.

Conclusion

In this tutorial, we learned how to add a user to sudoers file or sudo group on Ubuntu.

Now you can allow authorized users to run root commands. At the same time, you can prevent unauthorized users from causing any damage to your system.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment