Take Control Of Your Online Life

Advertisement

How To Add Users to ‘sudoers’ in Debian Based Linux

Likely if you are looking at this article you are trying to figure out how to add a user to the ‘Sudoers’ group in order to complete a specific task, generally a terminal based command or are looking at learning a bit more about sudo and the sudoers list.

What Is sudo?

sudo is a command-line utility that allows trusted users to run commands as another user, by default to be ran as root.

Originally, this command stood for ‘superuser do’ as the previous versions of sudo were intended to only run commands as the superuser. As all things change though, later versions adapted to running commands not only as the superuser but also as a different, restricted, user. It has been joked that this sudo command now stands for ‘substitute user do’.

The base functions of the command are still Administrative in nature.

By the end of this guide you will know how to grant a user sudo privileges by adding them to the sudoers file. This is a file which contains the specific set of rules that will determine which specific user or groups will be granted the sudo privileges, as well as the associated level of those privileges.

The second item will be to add the user to the sudo group outlined within the sudoers file. By default these members of the sudo group are granted the sudo access – on Debian and it’s offshoots.

How To Add A User to the sudo Group

If you are looking for the quick answer – you want to add the user to the sudo group itself. All members within this group have the ability to run any command ‘as root’ via the sudo command. They will be prompted to authenticate but the command will then run when successful.

Keep in mind, we are taking into consideration that the user you want to assin to the group already exists.

As root or another sudo user, run the below command to add them to the group.

Ensure that you change ‘username’ to the account of the user that you wish to grant access to.

usermod -aG sudo username

Most of the time – granting this level of access using the usermod command will be enough to complete the needed task.

To ensure that the user has been added to the group, type:

sudo whoami

You will be asked to enter the password. If the user has sudo access, the command will print “root”. Otherwise, you will get an error saying “user is not in the sudoers file”.

Adding User to the sudoers File

The file responsible for providing and granting customized access to the specific commands and also sets custom security policies is defined within the /etc/sudoers file.

Configuring this file by editing or creating a new configruation file within the etc/sudoers.d directory will be included within the sudoers file.

Always use the visudo command to edit the /etc/sudoers file. This command checks the file for syntax errors when you save it. If there are any errors, the file is not saved. If you edit the file with a regular text editor, a syntax error may result in losing the sudo access.

Repeat – always use visudo command to edit the /etc/sudoers file.

visudo uses the editor specified by the EDITOR environment variable, which is by default set to vim. If you want to edit the file with nano, change the variable by running:

EDITOR=nano visudo

Let’s say you want to allow the user to run sudo commands without being asked for a password. To do that, open the /etc/sudoers file:

visudo

Scroll down to the end of the file and add the following line:/etc/sudoers

username  ALL=(ALL) NOPASSWD:ALL

Save the file and quit the editor. Do not forget to change “username” with the username you want to grant access to.

Another typical example is to allow the user to run only specific commands via sudo. For example, to allow only the mkdir and rmdir commands you would use:/etc/sudoers

tyusername ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

Instead of editing the sudoers file, you can achieve the same by creating a new file with the authorization rules in the /etc/sudoers.d directory. Add the same rule as you would add to the sudoers file:

echo "username  ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username

This approach makes the management of the sudo privileges more maintainable. The name of the file not important, but it is a common practice to name the file according to the username.

Cut To The Chase

If you want to grant sudo access to a user, within Debian or one of it’s offshoots, just add the user into the ‘sudo’ group.

Let us know if this tutorial helped and if we provided some value, we’d appreciate a comment or a share!

Leave a Reply

Your email address will not be published. Required fields are marked *