In Ubuntu (and pretty much all popular Linux distributions), the recommended method for running commands with elevated privileges is the sudo command. Once invoked, non-root users can use this command to act with superuser privileges for 15 minutes.
sudo is an important command in a Linux system because of the structure of the user privileges and access rights. Regular user accounts have limited capabilities, and cannot access critical system areas, such as the /root directory.
This design not only protects users from accidentally executing commands that could have significant consequences but also enhances the system’s protection against potential external threats.
However, there are times when a non-root user needs to run commands that require higher permissions. In these cases, a non-root user needs administrator (root) privileges. Before allocating the superuser privileges to a user, the user should use the whoami command to identify the current user.
Table Of Contents
In this tutorial, we’ll discuss how to add a user to Sudoers and the sudo group in Ubuntu. You can apply these steps to allocate root privileges to a user and verify the current status of a user.
How to Add a User to Sudoers and sudo Group in Ubuntu
Let’s start with the prerequisites.
Prerequisites
Make sure you have the following before going into the steps outlined below:
- A system running a recent Ubuntu version
- An account with root privileges
- Access to a terminal or command line
How to Create a sudo User in Ubuntu
The process of adding a user to the sudo group has the following steps:
Step #1: Create the New User
Login as a root user and launch the terminal. Create a new user with the adduser command that creates the account, a group, and the home directory:
adduser newuser
If you see an error about not having enough permissions (usually for non-root users), you can bypass it with the command:
sudo adduser newuser
Remember to enter (and reenter) a strong password for the user. The system will ask for additional information, such as their name and phone number. These additional information items are optional, and you can skip them without problems.
Step #2: Add the User to the sudo Group
In most Linux distributions, including Ubuntu, all users with administrative privileges are grouped in the sudo group. As an administrator, you need to add the user you created in the previous step to this group to grant them root privileges.
For this, use the usermod command:
usermod -aG sudo newuser
Remember to substitute “newuser” with the username you chose earlier.
The -aG flag instructs the system to add the user to the group. (Note that the -a option is always paired with the -G flag.)
Step #3: Confirm that the User is a Member of the sudo Group
After adding the user, it is always a good idea to verify that the user has been added to the sudo group.
Start with listing the groups a user belongs to with the groups command:
groups newuser
The system will display the username along with all the groups it’s associated with. You can see that our user is a member of the sudo group.
Try Out the Sudo Access
Now that the user is part of the sudo group, they can switch to the sudo role anytime with the su command:
su - newuser
When asked, type in your password. After that, you can simply type and execute commands as usual.
Here’s an example of the impact of the sudo command:
When the user we created in this tutorial (newuser) tries to list the contents of the home directory with the following command, they will see the contents of their home directory:
ls /home
However, when they try to list the contents of the root directory, they will see the Permission denied error because only the members of the sudo group can view this directory.
The user account newuser can run the ls command on the root directory by invoking the sudo command:
sudo ls /root
Root plays a critical role in several critical applications, such as the database, that requires an administrator role for housekeeping and user management. We wrote a detailed tutorial that covered the process of setting a root password for MySQL.
Conclusion
On Ubuntu, managing user privileges, like granting a user sudo privileges, is a crucial activity. A standard user can be elevated to an admin or sudo user, allowing them to execute commands (apt upgrade) by invoking the sudo command.
Admins can allocate this privilege to other users by adding the user to the sudoers or the sudo group. The users in this group have the ultimate root privileges, but directly using the root password for tasks is not recommended. Instead, users with sudo access can complete administrative tasks without full root access.
Ready to enhance your Ubuntu security with sudo privileges? Explore RedSwitches for robust Bare Metal Server options, ideal for managing user access and system protection.
RedSwitches offers the best dedicated server pricing and delivers instant dedicated servers, usually on the same day the order gets approved. Whether you need a dedicated server, a traffic-friendly 10Gbps dedicated server, or a powerful bare metal server, we are your trusted hosting partner.
FAQs
Q. What is a sudo user?
A sudo user is a regular user who has been granted sudo privileges, enabling them to execute commands as the root user.
Q. Why would I want to grant a user sudo privileges?
Granting users sudo privileges allows them to execute commands requiring root privileges without logging in as the root user. This improves system security.
Q. How do I add a user to the sudoers file?
You can add a user to the sudoers file by editing the configuration file with the default editor for the sudo system, typically visudo. This ensures the proper syntax and avoids syntax errors.
Q. How do I allow a normal user to gain sudo access?
The most popular command is to add the user to the “sudo” group using usermod. E.g., sudo usermod -aG sudo . This essentially provides the user with sudo privileges.
Q. Is the passwd file the same as the sudoers file?
No. The passwd file contains details about users, while the sudoers file defines sudo rules and permissions.
Q. How can I use the default editor to modify sudo rules?
Use the visudo command. It will open the sudoers file in the system’s default editor, ensuring the configuration is correct and without syntax errors.
Q. What if I don’t have sudo installed on my system?
You can install sudo using the apt update followed by the apt install command for sudo: apt install sudo.
Q. What’s the difference between a regular user and a user with sudo access?
A regular user operates with standard permissions, while a user with sudo access can execute commands with root privileges after providing their password.
Q. Why is it necessary to run an apt upgrade command sometimes?
We recommend running the apt upgrade command after the apt update command to ensure all packages are up-to-date, including security patches.
Q. What is the root directive?
In the context of the sudoers file, a root directive specifies permissions for the root user. By default, the root user has all permissions.
Q. What should I do if I input an incorrect username?
If you’ve added an incorrect username to the sudoers file, use Visudo to correct it. For user operations, use the appropriate command with the effective username.
Q. Where can I find the directory path for the sudoers file?
The standard directory path for the sudoers file is /etc/sudoers.
Q. Can I create a custom file for additional sudo rules?
Yes, you can create custom files within the /etc/sudoers.d/ directory. Ensure the filename doesn’t have a dot or special characters, and always use Visudo to edit or validate the syntax.
Q. Are there other popular commands associated with sudo privileges?
Commands like the mkdir command to create directories or the ssh command to remotely access systems might require sudo privileges, depending on the directory or system configuration.
Q. What precautions should I take while giving sudo access?
Ensure that the user can be trusted with root privileges, as they’ll have the ability to make significant changes to the system. Also, always validate configurations using visudo to avoid potential issues.
