sudo is a command-line utility that enables authorized users to run commands as root or another user.
This article will demonstrate two methods for granting sudo capabilities to a user.
The first step is to include the user in the sudoers file. This file lists which users and groups have sudo rights and how much those rights give them.
The second way is to add the user to the sudoers file’s sudo group. On Ubuntu and Linux Mint, which are both based on Debian, all members of the “sudo” group have sudo privileges automatically granted to them when they log in.
Incorporating users into the sudo group
The simplest approach to provide sudo capabilities to a user on Ubuntu is to add the user to the “sudo” group. Members of this group may run any command as root using sudo and will be required to provide their password when doing so.
We’ll assume the user already exists. Check out this instruction if you wish to create a new user.
Run the command below as root or another sudo user to add the user to the group. Make careful to replace “username” with the name of the user whose rights you wish to provide.
usermod -aG sudo username
This approach of granting sudo access is enough for most use situations.
Run the whoami command to verify that the user has sudo capabilities.:
sudo whoami
You will be asked to enter your password. If the user has sudo privileges, the command will output “root”:
root
An error message stating “user is not in the sudoers file” indicates that the user does not have sudo rights.
Incorporating Users into the Sodoers File
The /etc/sudoers file specifies which users and groups have sudo access. Customized command access and security policies may be set up by adding the user to this file.
You may alter the sudoers file or create a new file in the /etc/sudoers.d directory to set the user’s access to sudo. The sudoers file includes the files under this directory.
/etc/sudoers should only be edited using visudo. When you save the file, this command checks for syntax mistakes. The file will not be saved if there are any mistakes. It’s possible that a syntax mistake may result in the sudo access being lost if the file is opened in text editor.
To access the sudoers file, visudo usually utilises vim. If you’re not familiar with vim and want to use nano instead, execute the following command to make nano the default editor:
EDITOR=nano visudo
The user may wish to perform sudo commands without being prompted for a password. Open the /etc/sudoers file to do so:
visudo
Towards the end of the document, type the following:
/etc/sudoers
username ALL=(ALL) NOPASSWD:ALL
Then exit the editor and save your work. Ensure that “username” is replaced with the username you want to provide access.
Another common example is allowing the user to perform just a limited number of tasks with the command sudo. You may use the following command to restrict access to just two commands: mkdir and rmdir.
/etc/sudoers
username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
Create a new file in the /etc/sudoers.d directory with authorisation rules instead of updating the sudoers file. This will achieve the same thing as modifying it directly. Rule addition is similar to that of a sudoers file:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
This method makes it easier to keep the sudo privileges. The file’s name is irrelevant. The name is typically the same as the user’s login name.
Conclusion
Adding a user to the “sudo” group is all that is required to provide that user with sudo privileges in Ubuntu; the process is quite straightforward.
Feel free to leave a comment below with any queries you may have.