As a Linux administrator, it is crucial to learn how to add a user to the sudoers file on Linux. It gives root access to the added user. To elaborate, the added user now has administrative privileges.
Types of Users in Linux
Linux is a multi-user operating system, and several types of users exist on the Linux machine—which includes a root user and a normal user. The root is the main user in the Linux system, it has all the administrative permissions and can access any service. However, it should not be used for routine use.
On the other hand, a normal user on a Linux system has moderate privileges. It can perform routine tasks and have certain specific permissions. However, you can register any normal user in the sudoers file to grant root access to that user.
Why Use Sudo?
Similar to the administrator account in Windows, the root account in Linux should be separate from the normal user account. If the root account is used regularly, then there is a risk of exposing the crucial system files. There is a chance that someone will use the system illegally and bring harm, especially to an organization.
For instance, they could wipe out the entire system using the rm -rf command without any prompt. It can be quite devastating in the organizational setting. Unless required, you should avoid using the root account. Instead, use the sudo to escalate the privileges when required and remove them when not required.
How to Add a User to the sudoers File on Linux
In Linux systems, you can determine which user is a part of which sudo group. Furthermore, you can also add a particular user to the sudoers list, grant permissions, and edit the sudoers file. In this article, we will look at how you can add a user to the sudoers file in two ways. So, let’s get started.
Create a New User to add in Sudoers File
First, create a new normal user that you will add to the sudoers file. To get started, open the terminal by typing “Ctrl + Alt + T” and add a new user. The syntax looks something like this:
sudo adduser newuserSpecifically, type:
sudo adduser maryThe adduser command creates a new user, its group and its directory. Make sure to replace the newuser with the username of your choice. As soon as you hit “Enter” key, the shell will ask for more information related to the current user. Add the optional fields or skip them by pressing Enter key.
Add a User to Sudoers on Linux File Using Visudo Command
Next, we will add the user to the sudoers file. For this step, use the visudo command. On the terminal, type:
sudo suvisudo
Output:
This will open the sudo users list. The default editor for this file is vim editor. However, if you are unfamiliar with vim, you can open it using the nano editor. For example:
EDITOR=nano visudoScroll down using the down arrow key to the bottom. Type the code given below under the statement root ALL=(ALL) ALL:
user ALL=(ALL) ALLFor example:
mary ALL=(ALL) ALLOutput:
Alternatively, type:
/etc/sudoers
username ALL=(ALL) NOPASSWD:ALLMake sure to replace the user with the user’s name that exists in the system. Press “Ctrl + S” to save and “Ctrl + X” to exit the editor.
The visudo file is located in the /etc/sudoers.d directory. Instead of editing the existing file, you can create a new one with the authorization rules at the same location. Execute the command given below to create an authorization rule and save it in a new file at /etc/sudoers.d directory.
Input:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/usernameThe name of the file can be of your choice. However, it is a common practice to rename the file the same as the username used in the Linux machine.
Finally, the added users can also perform operations with the sudo command. You can use the same visudo command to remove the users when required.
Add a User Using the Usermod Command on Linux
Apart from the visudo command, another easiest method to grant sudo privilege to users is to add it to the sudo group. This gives the users the right to execute any command and authenticate themselves with the sudo password. The syntax for the command looks like this:
usermod -aG sudo username-a: add the changes to the existing configuration.-G: the name of the group the user should be added to.Username: the username existing on the machine.
For example:
usermod -aG sudo maryYou should get a similar output:
Make sure to replace the username with the name existing in the Linux system. To ensure that the process has been completed successfully, run the whoami command. Specifically, type:
sudo whoamiIf you get an output similar to the one displayed below, it means the user has sudo access. The output elaborates that the command will ask for the user password. If the user account is not a sudo account, it does not ask for a password.
Verify Sudo Access
To ensure that you have escalated a user’s permissions, either check the group the user belongs to or the sudo access. To view the groups, type:
groups usernameYou should get a similar output:
Make sure to replace the username with the name of the user to whom you have assigned the permissions. Alternatively, you can check for the sudo access by executing the command given below:
su - usernameAs soon as you hit “Enter” key, you will get a password prompt only if the current user is the root user. Sample output:
In conclusion, sudo is a command-line utility that allows users to execute commands as root users. Also, this command strikes a balance between the system and protects it from malicious users. In addition, assigning this privilege is a simple task in Linux.
In this article, we have discussed a procedure to add normal users to sudoers files or sudo groups on Linux machines. We hope you found this tutorial to be practical. To learn more about sudo, check out the official documentation.
If you liked this article, please share it.
