Before we learn how to add users as sudoers in Ubuntu, we must understand how we will likely get here. For instance, when you want to manage services or install or update software on Ubuntu. Have you ever tried to execute a command to try any of the above and got “Access Denied” as the feedback?
Such instances will require you to run commands as the root or superuser. However, this approach is not advisable for security reasons. Running commands as the root may cause issues with your system if the user messes up with some settings.
Ubuntu, one of the most used Linux distributions, has a feature known as sudo that allows a user to run commands with advanced privileges instead of logging in as root.
This article will explain who sudoers are, why you may need sudoers, and how to add them to your Ubuntu operating system.
What is Sudo/ Sudoers?
But why not use su or switch user command? The switch user command allows you to log in as root. When you run it, the system will ask you for the root password, and you can do your thing. You can add new files/ software and make all the changes. However, you may forget to log out as root, and one simple typo may erase important files or the entire hard drive.
Sudo is the short form for “superuser do”. Such users execute commands with elevated privileges, and they can install and update software or even change system settings. A sudoer is a user who has such rights. Sudo users must always use the ‘sudo’ keyword before they execute any command on Ubuntu. However, you don’t have to log out after executing your commands.
If you have several users on your Ubuntu system, not all will have sudo rights. However, during installation, the first user you create will have sudo privileges by default. Only users of the sudoers file or group can execute sudo commands.
A sudoers file– a configuration file that defines which users can use sudo and how.
Sudoers group– a special group of users with sudo rights.
Scenarios where it’s necessary to grant users sudo access
You may allow certain users to run sudo commands on your personal or office computer. You can allow them if:
You have a team of administrators or developers that need to perform tasks needing root access. For instance, they may need to install software or update the system.
You want to limit users’ access to certain files or directories in your system, and you don’t give them full access.
You have a guest user for a one-time task that requires root access. For instance, you need someone to install and configure specialized software or update the system.
Importance of Granting sudo Privileges to Users
Improve your system’s security: You don’t have to allow users to log on to your system as root users, which may expose your system to potential threats and errors. Giving the sudo privileges allows them to have access to only what they need.
You can customize permissions: Adding sudo users allows you to specify which commands they can run and when they can run them. You can also specify if these users need a password to run such commands.
It makes monitoring users easy: You can check the /var/log/auth.log file to see all the commands that sudoers run on your system.
Prerequisites for Adding a User to the sudoers file
User account with sudo privileges: You need to add a user to sudoers while logged into an account with sudo rights.
Username: If you have several users on your system, you must know the username of the user to add to a sudoers file or group.
A text editor: Ubuntu uses Nano as the default editor. However, you can change to others.
Add a User to the sudoers File
There are several approaches to adding users to the sudoers file. However, before that, we need to create a new user.
I want to create a new user named ‘titus”. You can follow along:
Log in to a user account with sudo privileges, and run this command: sudo adduser titus. You can replace “titus” with the name of the user you want to create.
Enter your password. The command line will prompt you to enter your password.
Set a new password and then confirm
Follow the prompts (you can choose the defaults) and click ‘Y’ to confirm all the details.
You now have a new user.
There are two approaches to adding sudoers in Ubuntu
#1: Add the user to the sudo group
We can now add the user we created to the sudo group. Run this command when signed in as another sudo user or root user.
sudo usermod -aG sudo username
Replace the ‘username’ with the user you want to make a sudoer. For my case, the command will be;
sudo usermod -aG sudo titus
You have now added the new user to the sudo group.
#2: Add user to Sudoers File
We have already seen that a typical Linux system like Ubuntu has different users. Such users can be allowed different Linux file and directory permissions in the system. For instance, you can allow the users to ‘read’, ‘write’, or ‘execute’ files in a Unix system.
We can define which users can use sudo and how by defining this in the sudoers file. We use this path /etc/sudoers to locate the sudoers file.
Assuming you already have a user without sudo rights, these are the steps to follow:
Open your terminal
Use this command to open the file
You will be prompted to enter your password.
Edit the file. After running the command, you will have something like this;
I have a user named ‘kamunya’ that I want to give all sudo rights.
Locate the section that looks like this:
# User privilege specification
root ALL=(ALL:ALL) ALL
I can now add a line that allows ‘kamunya’ all the sudo rights as follows:
kamunya ALL=(ALL:ALL) ALL
Save and exit. You can use these shortcuts: Ctrl+O to write the changes and Ctrl+X to exit.
You now have a new sudo user that you have added through the sudoers file. If I wanted to give my user (kamunya) specific rights like updating software without requiring a password, I could have followed the same steps but added this line:
You may have followed all these steps, but you are still not sure if the users on your system are sudoers. You can use these approaches to check:
Use sudo command
I will check if a user named ‘titus’ is a sudoer. The command will be:
sudo -l -U titus
You can replace ‘titus’ with the username of the user you want to check.
If the user is a sudoer, you will get something close to this;
If the user does not have sudo rights, you are likely to get this error, User ‘username’ is not allowed to run sudo on ‘name of your machine’.
Check sudo groups
When you create a sudo user, the system automatically assigns this user to a group bearing the username you chose. For instance, I have a sudo user named ‘tk’. I can check if this user belongs to a group through this command;
You can replace ‘tk’ with your username.
You will get something similar to this;
How to Delete a sudo user
There are several instances in which you may want to delete a sudo user. For instance, you messed up when setting up the profile, or the user you created was supposed to do a one-time task.
You can use the GUI or command line to delete a user from your Ubuntu system. This is how you can delete a user using the command line:
Run this command sudo deluser username, where you replace ‘username’ with the profile you want to delete. This approach will remove the user, but the user files will remain.
I have removed one of my users (kamunya)
If you want to remove the user files, run the command as follows;
sudo deluser --remove-home username
In my case, it will be:
sudo deluser --remove-home kamunya
Best Practices for Managing Users in the sudoers file
Utilize visudo command: If you decide to add sudoers by adding them to the sudoer file, always use the visudo command. Once done, check for typos, save, and exit the editor.
Use groups: Instead of adding individuals as sudo users, every time you want to add new users, you can add them to a group. You can have different groups like ‘administrators’ and ‘developers’ with varying rights.
Document access: Keep records of who you have given sudo privileges and what they can do. Such an approach makes it easy for new employees to pick in case there are changes.
Monitor access: Always monitor what the different users you have added as sudoers are logging into the system. Frequent reviews also allow you to delete users or change privileges as needs change.
Ubuntu is one of the most-used operating systems by administrators and programmers. However, you must ensure that you give the right users the right privileges when accessing your system.
You now understand who sudoers are and the different approaches to adding them to Ubuntu. Such users no longer have to log in to your system with full access but with limited abilities that will help you get the work done.
Narendra Mohan Mittal
Narendra Mohan Mittal is a Senior Digital Branding Strategist and Content Editor with over 12 years of versatile experience. He holds an M-Tech (Gold Medalist) and B-Tech (Gold Medalist) in Computer Science & Engineering.