If you are told that a user is “not in the sudoers file”, you can give them full sudo privileges with the usermod command. To control what a user can do with sudo, edit the sudoers file with visudo.
People who can use the Linux sudo command are members of a small, select club, sometimes called the “sudoers” list. Each member has the same powers as root. So how do you join that club? We will see how to add a person to sudoers and how to edit the sudoers file to limit permissions.
sudo: your alter ego with superpowers
On Linux installations, the root user is the user with the most privileges. They can perform any administrative task, access any file regardless of who owns it, and can create, manipulate, and even delete other users.
This level of power is dangerous. If root makes a mistake, the results can be catastrophic. They have the ability to mount and unmount file systems and completely overwrite them. A much safer way to work is to never log in as root.
Designated users can use sudo to temporarily gain administrative powers, perform the required action, and then return to their normal, unprivileged state. This is safer because you consciously invoke your higher powers when you need them and while you are focused on doing whatever it is that requires them.
The sudo command is the Linux equivalent of yelling “Shazam”. When the scary stuff is over, you ditch your overpowered alter ego and revert to your normal, humdrum self.
Logging in as root is off by default in most modern distributions, but it can be re-enabled. It is not recommended to use the root account for daily work. Mistakes that would normally affect a single user, or would be blocked entirely due to insufficient privileges, can run unhindered if root issues them.
Modern Linux distributions grant sudo privileges to the user account that is created during the installation or post-installation configuration steps. If anyone else tries to use sudo, they will see a warning message like this:
mary is not in the sudoers file. This incident will be reported.
That seems pretty clear. Our user mary cannot use sudo because she is not “in the sudoers file”. So let’s see how we can add her.
The sudoers file and visudo
Before anyone can use the sudo command, we have to work with the sudoers file. This lists the groups of users who can use sudo. If we need to make modifications to the file, we must edit it.
The sudoers file has to be opened using the visudo command. This locks the sudoers file and prevents two people from trying to make changes at the same time. It also performs some sanity checks before saving your edits, making sure they parse correctly and are syntactically sound.
Note that visudo is not an editor; it starts one of your available editors. On Ubuntu 22.04, Fedora 37 and Manjaro 21, visudo launched nano. That might not be the case on your computer.
If we want to give someone full sudo privileges, we only need to refer to certain information from the sudoers file. If we want to be more granular and give our user only some of the capabilities of root, we need to edit the file and save the changes.
Either way, we need to use visudo.
Add a new sudo user in Ubuntu and other Linux distributions
We have two users who need access to root privileges in order to perform their job functions. They are Tom and Mary. Mary needs to have access to everything root can do. Tom just needs to install apps.
Let’s add Mary to the sudoers group first. We have to start visudo.
sudo visudo
Scroll down in the editor until you see the “User privilege specification” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.”
We are told that the members of the sudo group can execute any command. All we need to know in Mary’s case is the name of that group. It is not always sudo; it can be wheel or something else. Now that we know the name of the group, we can close the editor and add Mary to that group.
We are using the usermod command with the -a (append) and -G (group name) options. The -G option allows us to name the group we would like to add the user to, and the -a option tells usermod to add the new group to the list of existing groups that this user is already in.
If you don’t use the -a option, the only group your user will be in is the newly added group. Check again and make sure you have included the -a option.
sudo usermod -aG sudo mary
The next time Mary logs in, she will have access to sudo. We have logged in as Mary and are trying to edit the file system table file, “/etc/fstab”. This is a file that is off limits to everyone but root.
sudo nano /etc/fstab
The nano editor opens with the “/etc/fstab” file loaded.
Without sudo privileges, you would only be able to open it as a read-only file. Mary no longer has those restrictions. She can save any changes she makes.
Close the editor and do not save any changes you have made.
Limit sudo privileges by editing the sudoers file
Our other user, Tom, will be granted permission to install software, but will not receive all of the privileges that Mary was granted.
We need to edit the sudoers file.
sudo visudo
Scroll down in the editor until you see the “User privilege specification” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.” It’s the same point in the file where we found the name of the group we needed to add Mary to.
Add these lines below that section.
# user tom can install software
tom	ALL=(root) /usr/bin/apt
The first line is a simple comment. Note that there is a tab between the username “tom” and the word “ALL”.
This is what the items on the line mean.
- tom: The user’s default group. This is usually the same as the user account name.
- ALL=: This rule applies to all hosts on this network.
- (root): Members of the group “tom”, i.e. the user Tom, can assume root privileges for the listed commands.
- /usr/bin/apt: This is the only command that user Tom can execute as root.
We have specified the apt package manager here because this computer uses Ubuntu Linux. You will need to replace this with the appropriate command if you are using a different distribution.
Let’s log in with Tom and see if we get the expected behavior. We will try to edit the “/etc/fstab” file.
sudo nano /etc/fstab
That command is rejected and we are told that “user tom cannot run ‘/usr/bin/nano /etc/fstab’ as root…”
That’s what we wanted. User Tom is supposed to only be able to use the apt package manager. Let’s make sure he can do that.
sudo apt install neofetch
The command is executed successfully for Tom.
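The combined effect of the two changes above, Mary's membership of the sudo group and Tom's single-command rule, can be audited with a short script. This is an added example, not part of the original article: the sample sudoers and group text (including the user dave) are constructed, and the parser assumes the simple one-line rule form used here.

```shell
#!/bin/sh
# Added example: report who gets which sudo rights from sudoers-style rules.
# Both inputs below are constructed samples; nothing is read from /etc.
# Assumes the one-line form "who HOST=(runas) commands" used in the article.

SAMPLE_SUDOERS='# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# user tom can install software
tom ALL=(root) /usr/bin/apt'

# group(5) format: name:password:gid:comma-separated members
SAMPLE_GROUP='sudo:x:27:dave,mary
mary:x:1001:
tom:x:1002:'

# sudo_grants SUDOERS_TEXT GROUP_TEXT
# Prints one tab-separated line per user: user, scope, source, commands.
sudo_grants() {
    printf '%s\n' "$1" | GROUP_TXT="$2" awk '
    BEGIN {
        # Map each group name to its member list.
        n = split(ENVIRON["GROUP_TXT"], lines, "\n")
        for (i = 1; i <= n; i++) {
            split(lines[i], f, ":")
            members[f[1]] = f[4]
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ || $1 ~ /^@/ { next }   # not grants
    {
        who = $1
        cmds = $0
        # Drop the "who" and "HOST=(runas)" fields; the rest is the command list.
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmds)
        scope = (cmds == "ALL") ? "full" : "limited"
        if (who ~ /^%/) {
            # A %group rule applies to every listed member of that group.
            m = split(members[substr(who, 2)], u, ",")
            for (j = 1; j <= m; j++)
                printf "%s\t%s\t%s\t%s\n", u[j], scope, who, cmds
        } else {
            printf "%s\t%s\t%s\t%s\n", who, scope, "user-rule", cmds
        }
    }'
}

sudo_grants "$SAMPLE_SUDOERS" "$SAMPLE_GROUP"
```

On a real system the two inputs would come from `sudo cat /etc/sudoers` and `getent group`. A rule limited to a package manager is still a high-trust grant, because installing a package runs its maintainer scripts as root.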
Anyone who has this command
If all your users can use sudo, you will have chaos on your hands. But it is worth promoting other users so they can share your administrative burden. Just make sure they are worthy and keep an eye on them.
Even if you are the only user on your computer, it is worth considering creating another user account and giving it full access to sudo. That way, if you ever find yourself locked out of your primary account, you have another account you can log in with to try and remedy the situation.