Linux requires root or superuser privileges to perform certain tasks. We cannot assign root privileges to every user because these are sensitive tasks. Accidental misuse of root privileges can have severe consequences.
Linux provides sudo access so that normal users can install software, delete files, and perform other tasks that require root access.
In this tutorial, we learn how to add a user to the sudoers file or sudo group in Ubuntu.
Prerequisites
- Any system running an Ubuntu flavour
- A user with sudo access or a root user account
What is a Sudoers File or Sudo Group
The sudoers file (/etc/sudoers) is a configuration file that lists the users and groups that have sudo privileges. In this file, you can define the level of privileges for each user and group.
sudo is a default group in Ubuntu and other modern Linux distributions. Standard users added to this group get elevated privileges. You can add a user to the sudo group when creating the user, or add an existing user later.
How to Add Users to the Sudo Group
Sudo members can execute commands as the root user using their own password. The easiest way to grant sudo privileges to a user is to add the user to the group named sudo.
Create New User and Assign Sudo Group
1. Log in as the root user or a user with sudo privileges.
2. Create a new user and add the user to sudo in a single command:
useradd -G sudo tom
This creates a new user named tom and assigns it to the sudo group. The command exits with no message.
3. Set a password for the new user:
passwd tom
4. Verify that the user tom has sudo access:
su tom
sudo ls /root
From the output, the user is able to list the contents of the root folder, which means the user account has sudo access.
In RHEL, CentOS, and other related distributions, the default sudo privileges group is named wheel.
Adding Existing User to Sudo Group
1. Log in as the root user or a user with sudo privileges.
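2. To add an existing user to the sudo group, use the usermod command. The -a option appends the group instead of replacing the user's existing supplementary groups: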
usermod -aG sudo bob
You can verify the user's root access by listing the files under the root directory.
How to Add User to Sudoers File
The sudoers file contains the users and groups that have sudo privileges. Let's check how to add a user to this file.
1. Log in as the root user or a user with sudo privileges.
2. Open the sudoers file in edit mode:
vi /etc/sudoers
or
visudo
visudo is the safer choice: it locks the file and checks the syntax before saving. You may also create a new file inside the /etc/sudoers.d directory to hold the rules.
3. Locate the User privilege specification section and add the following line:
[username] ALL=(ALL:ALL) ALL
foo ALL=(ALL:ALL) ALL
- This means the user foo has all privileges and is able to run any command.
%developers ALL=(ALL) ALL
- You can add a group to sudo by using %groupname.
bob ALL=(ALL) NOPASSWD:/bin/df,/bin/ls
- You can restrict a sudo user to specific commands and allow them to run without a password.
Check User Has Sudo Access
Here are some methods to check sudo access.
Using Sudo Command
The simplest way to check sudo access is to run any command with sudo. If it returns an error, you do not have sudo access.
The sudo command can also be used to check access for other users.
For example:
sudo -l -U foo
You can see that the user foo can run all commands on this system.
Check User Groups
We can check the groups to which a user belongs using the groups command.
For example:
groups tom
As we can see, user tom is part of the sudo group and thus has sudo privileges.
Listing Users in Sudo Group
Another way to check if the user has sudo privileges is to list all the members of the sudo group. For example:
getent group sudo
The preceding example shows the users that have been added to the sudo group, but remember that it doesn't show users added in the sudoers file.
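Because the group listing misses rules written directly in the sudoers file, the following added example (not part of the original tutorial) lists every user and group rule in a sudoers-format file and marks rules that allow all commands or skip the password prompt. The function name audit_sudoers and the sample entries are assumptions made for illustration; the parser is simplified to one rule per line and does not expand aliases or line continuations.

```shell
#!/bin/sh
# Added example: report who is granted what by sudoers-style rules.
# audit_sudoers is a hypothetical helper, not a standard tool.
audit_sudoers() {
    # $1 = path to a sudoers-format file
    awk '
        /^[ \t]*#/        { next }   # comments and old-style #include lines
        /^[ \t]*$/        { next }   # blank lines
        /^[ \t]*@include/ { next }   # @include and @includedir directives
        /^[ \t]*Defaults/ { next }
        /^[ \t]*(User|Runas|Host|Cmnd)_Alias[ \t]/ { next }
        {
            who  = $1
            kind = (who ~ /^%/) ? "group" : "user"
            eq   = index($0, "=")
            # A rule without "host =" is invalid, flag it instead of guessing.
            if (eq == 0) { printf "%s\t%s\tMALFORMED\n", who, kind; next }
            spec   = substr($0, eq + 1)
            nopass = (spec ~ /NOPASSWD[ \t]*:/) ? "NOPASSWD" : "PASSWD"
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)   # drop the (runas) part
            gsub(/[A-Z]+[ \t]*:[ \t]*/, "", spec)     # drop tags such as NOPASSWD:
            gsub(/[ \t]/, "", spec)
            scope = (spec == "ALL") ? "ALL-COMMANDS" : "LIMITED"
            printf "%s\t%s\t%s\t%s\n", who, kind, scope, nopass
        }
    ' "$1"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# User privilege specification
root        ALL=(ALL:ALL) ALL
foo         ALL=(ALL:ALL) ALL
%developers ALL=(ALL) ALL
bob         ALL=(ALL) NOPASSWD:/bin/df,/bin/ls
Defaults    env_reset
@includedir /etc/sudoers.d
carol       (ALL:ALL) ALL
EOF
audit_sudoers "$sample"
rm -f "$sample"
```

On a live system, run the function as root against /etc/sudoers and each file in /etc/sudoers.d. The authoritative syntax check is visudo -c.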
Remove User from Sudo Group
You can simply run the following command to remove a user from the sudo group:
deluser bob sudo
Now the user bob no longer has any sudo privileges. If you added sudo users through the sudoers file, they have to be removed from that file manually.
Conclusion
In this tutorial, we learned how to add a user to the sudoers file or the sudo group on Ubuntu.
Now you can allow authorized users to run root commands. At the same time, you can prevent unauthorized users from causing any damage to your system.