sudoers
HomeLinux / How to Add Users to the Sudoers File on Linux
Linux

How to Add Users to the Sudoers File on Linux

Share this post on:

Managing user permissions is a critical aspect of Linux system administration. One of the most common tasks is adding users to the sudoers file, which grants them administrative privileges. This article will guide you through adding a user, modifying the sudoers file and explaining why this might be necessary.

Table of Contents

  1. Why Grant Sudo Access?
  2. Creating a New User
  3. Adding the User to the Sudoers File
  4. Conclusion

Why Grant Sudo Access?

Giving users sudo access allows them to execute commands with administrative (root) privileges without switching to the root user. This is useful for:

  • System Maintenance: Developers, DevOps engineers, and administrators often need elevated privileges for updates and system maintenance.
  • Security: Granting limited sudo access to specific commands can enhance security by reducing the need for root access.
  • Troubleshooting: Users can perform necessary tasks to troubleshoot and fix issues on the system.

While sudo access is powerful, it should be given cautiously, as misuse of administrative privileges can lead to system instability or security vulnerabilities.

Creating a New User

First, let’s create a new user. Replace username with your desired username.

 # sudo adduser username

This command will prompt you to set a password for the user and fill in some optional user information.

Adding the User to the Sudoers File

Once the user is created, the next step is to give them sudo privileges. There are three ways to achieve this:

  1. Adding the User to the sudo Group:

In most modern Linux distributions, adding a user to the sudo group is sufficient to grant them sudo privileges.

# sudo usermod -aG sudo username

After running this command, the user username will have sudo access. Log out and log back in for the changes to take effect.

2. Editing the Sudoers File Directly:

If your system does not have a sudo group or you want more granular control, you can directly edit the sudoers file using the visudo command:

# sudo visudo

Scroll down to the section that looks like this:

# User privilege specification
root    ALL=(ALL:ALL) ALL

Add the following line below it, replacing username with your new user’s name:

username    ALL=(ALL:ALL) ALL

3. Creating a sudoes file in /etc/sudoers.d/ :

Another extensible way of adding a user to sudoers is by adding a file in /etc/sudoers.d/ with similar configuration as above. The advantage of doing this is this file is less likely to be overwritten during package updates. Create a file at /etc/sudoers.d/80-local and add the following to it.

username    ALL=(ALL:ALL) ALL

What do the permissions mean?

The ALL=(ALL:ALL) ALL specification in the sudoers file is a configuration line that defines what commands a user is allowed to execute with elevated privileges. Here’s a breakdown of what each part means:

  • username ALL=: This part specifies that the rule applies to all hosts. In most cases, this just means the local machine, but in a networked environment, this could specify particular hosts.
  • (ALL:ALL): This part specifies the user and group permissions:
    • First ALL: The first ALL inside the parentheses specifies the user context under which the commands can be run. By setting this to ALL, it means the user can run commands as any user, including root.
    • Second ALL (after the colon): This specifies the group context under which the commands can be run. Setting it to ALL allows running commands as any group.
  • ALL (after the parentheses): This specifies which commands the user is allowed to run. Setting this to ALL means the user can run all commands.

For example if you want to grant a user permission to only update or upgrade system packages, you need to limit the commands they can run with sudo by specifying those commands explicitly in the sudoers file. This would look like this for Debain/Ubuntu systems;

username ALL=(ALL) NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade

NOPASSWD means the user will not be prompted for a password when they run this command.

Conclusion

Adding users to the sudoers file is a straightforward way to give administrative access to trusted users on your Linux system. Whether for development, system maintenance, or troubleshooting, sudo privileges are essential but should be assigned responsibly. Always ensure that users understand the implications of having sudo access and monitor its use to maintain system security.

By following the steps outlined above, you can effectively manage user permissions and maintain control over who can perform administrative tasks on your Linux server.

Share this post on:
Post read time 3 min read

Related Posts

Boot-Time Configuration for On-Premise Linux Servers: Unlocking the Power of cloud-init
Linux
Boot-Time Configuration for On-Premise Linux Servers: Unlocking the Power of cloud-init
Getting Started with Squid Proxy Server in the Cloud
Linux
Getting Started with Squid Proxy Server in the Cloud
Getting Started with HAProxy Server in the Cloud
Linux
Getting Started with HAProxy Server in the Cloud