Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In Linux Last updated: September 15, 2023
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Before we learn how to add users as sudoers in Ubuntu, we must understand how we will likely get here. For instance, when you want to manage services or install or update software on Ubuntu. Have you ever tried to execute a command to try any of the above and got “Access Denied” as the feedback? 

Such instances will require you to run commands as the root or superuser. However, this approach is not advisable for security reasons. Running commands as the root may cause issues with your system if the user messes up with some settings. 

Ubuntu, one of the most used Linux distributions, has a feature known as sudo that allows a user to run commands with advanced privileges instead of logging in as root. 

This article will explain who sudoers are, why you may need sudoers, and how to add them to your Ubuntu operating system. 

What is Sudo/ Sudoers?

But why not use su or switch user command? The switch user command allows you to log in as root. When you run it, the system will ask you for the root password, and you can do your thing. You can add new files/ software and make all the changes. However, you may forget to log out as root, and one simple typo may erase important files or the entire hard drive. 

Sudo is the short form for “superuser do”. Such users execute commands with elevated privileges, and they can install and update software or even change system settings. A sudoer is a user who has such rights. Sudo users must always use the ‘sudo’ keyword before they execute any command on Ubuntu. However, you don’t have to log out after executing your commands. 

If you have several users on your Ubuntu system, not all will have sudo rights. However, during installation, the first user you create will have sudo privileges by default. Only users of the sudoers file or group can execute sudo commands. 

  • A sudoers file– a configuration file that defines which users can use sudo and how.
  • Sudoers group– a special group of users with sudo rights. 

Scenarios where it’s necessary to grant users sudo access

You may allow certain users to run sudo commands on your personal or office computer. You can allow them if:

  • You have a team of administrators or developers that need to perform tasks needing root access. For instance, they may need to install software or update the system. 
  • You want to limit users’ access to certain files or directories in your system, and you don’t give them full access. 
  • You have a guest user for a one-time task that requires root access. For instance, you need someone to install and configure specialized software or update the system. 

Importance of Granting sudo Privileges to Users

  • Improve your system’s security: You don’t have to allow users to log on to your system as root users, which may expose your system to potential threats and errors. Giving the sudo privileges allows them to have access to only what they need. 
  • You can customize permissions: Adding sudo users allows you to specify which commands they can run and when they can run them. You can also specify if these users need a password to run such commands. 
  • It makes monitoring users easy: You can check the /var/log/auth.log file to see all the commands that sudoers run on your system. 

Prerequisites for Adding a User to the sudoers file

  • User account with sudo privileges: You need to add a user to sudoers while logged into an account with sudo rights. 
  • Username: If you have several users on your system, you must know the username of the user to add to a sudoers file or group. 
  • A text editor: Ubuntu uses Nano as the default editor. However, you can change to others. 

Add a User to the sudoers File

There are several approaches to adding users to the sudoers file. However, before that, we need to create a new user. 

I want to create a new user named ‘titus”. You can follow along:

  • Log in to a user account with sudo privileges, and run this command: sudo adduser titus. You can replace “titus” with the name of the user you want to create. 
Sudo adduser
  • Enter your password. The command line will prompt you to enter your password.
  • Set a new password and then confirm
Sudo adduser password
  • Follow the prompts (you can choose the defaults) and click ‘Y’ to confirm all the details.
Sudo adduser confirmation

You now have a new user. 

There are two approaches to adding sudoers in Ubuntu

#1: Add the user to the sudo group

We can now add the user we created to the sudo group. Run this command when signed in as another sudo user or root user. 

sudo usermod -aG sudo username

Replace the ‘username’ with the user you want to make a sudoer. For my case, the command will be;

sudo usermod -aG sudo titus

You have now added the new user to the sudo group. 

#2: Add user to Sudoers File

We have already seen that a typical Linux system like Ubuntu has different users. Such users can be allowed different Linux file and directory permissions in the system. For instance, you can allow the users to ‘read’, ‘write’, or ‘execute’ files in a Unix system. 

We can define which users can use sudo and how by defining this in the sudoers file. We use this path /etc/sudoers to locate the sudoers file. 

Assuming you already have a user without sudo rights, these are the steps to follow:

  • Open your terminal
  • Use this command to open the file
sudo visudo

You will be prompted to enter your password. 

sudo
  • Edit the file. After running the command, you will have something like this;
Sudoers file

I have a user named ‘kamunya’ that I want to give all sudo rights. 

Locate the section that looks like this:

# User privilege specification

root    ALL=(ALL:ALL) ALL

I can now add a line that allows ‘kamunya’ all the sudo rights as follows:

kamunya    ALL=(ALL:ALL) ALL
  • Save and exit. You can use these shortcuts: Ctrl+O to write the changes and Ctrl+X to exit.

You now have a new sudo user that you have added through the sudoers file. If I wanted to give my user (kamunya) specific rights like updating software without requiring a password, I could have followed the same steps but added this line:

kamunya ALL=(ALL:ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade

How to Check if a User has sudo Rights

You may have followed all these steps, but you are still not sure if the users on your system are sudoers. You can use these approaches to check:

Use sudo command

I will check if a user named ‘titus’ is a sudoer. The command will be:

sudo -l -U titus

You can replace ‘titus’ with the username of the user you want to check.

If the user is a sudoer, you will get something close to this;

A sudoer

If the user does not have sudo rights, you are likely to get this error, User ‘username’ is not allowed to run sudo on ‘name of your machine’

Check sudo groups

When you create a sudo user, the system automatically assigns this user to a group bearing the username you chose. For instance, I have a sudo user named ‘tk’. I can check if this user belongs to a group through this command;

groups tk

You can replace ‘tk’ with your username. 

You will get something similar to this;

Sudo groups

How to Delete a sudo user

There are several instances in which you may want to delete a sudo user. For instance, you messed up when setting up the profile, or the user you created was supposed to do a one-time task. 

You can use the GUI or command line to delete a user from your Ubuntu system. This is how you can delete a user using the command line:

  • Run this command sudo deluser username, where you replace ‘username’ with the profile you want to delete. This approach will remove the user, but the user files will remain. 

I have removed one of my users (kamunya)

Delete sudo user

If you want to remove the user files, run the command as follows;

sudo deluser --remove-home username

In my case, it will be:

sudo deluser --remove-home kamunya

Best Practices for Managing Users in the sudoers file

  • Utilize visudo command: If you decide to add sudoers by adding them to the sudoer file, always use the visudo command. Once done, check for typos, save, and exit the editor.
  • Use groups: Instead of adding individuals as sudo users, every time you want to add new users, you can add them to a group. You can have different groups like ‘administrators’  and ‘developers’ with varying rights. 
  • Document access: Keep records of who you have given sudo privileges and what they can do. Such an approach makes it easy for new employees to pick in case there are changes. 
  • Monitor access: Always monitor what the different users you have added as sudoers are logging into the system. Frequent reviews also allow you to delete users or change privileges as needs change. 

Conclusion

Ubuntu is one of the most-used operating systems by administrators and programmers. However, you must ensure that you give the right users the right privileges when accessing your system. 

You now understand who sudoers are and the different approaches to adding them to Ubuntu. Such users no longer have to log in to your system with full access but with limited abilities that will help you get the work done. 

You may also explore some Linux performance commands to know as a system administrator.

  • Titus Kamunya
    Author
    Titus is a Software Engineer and Technical Writer. He develops web apps and writes on SaaS, React, HTML, CSS, JavaScript, Ruby and Ruby on Rails read more
  • Narendra Mohan Mittal
    Editor

    Narendra Mohan Mittal is a Senior Digital Branding Strategist and Content Editor with over 12 years of versatile experience. He holds an M-Tech (Gold Medalist) and B-Tech (Gold Medalist) in Computer Science & Engineering.


    read more
Thanks to our Sponsors
More great readings on Linux
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Monday.com is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder