If you are told that a user is “not in the sudoers file”, you can give them full sudo privileges with the usermod command. To control what a user can do with sudo, edit the sudoers file with visudo.
People who can use Linux
sudo commando are members of a small, select club, sometimes called the “sudoers” list. Each member has the same powers as
root. So how do you join that club? We will see how to add a person to sudoers and how to edit the sudoers file to limit permissions.
sudo: your alter ego with superpowers
On Linux installations, the root user is the user with the most privileges. They can perform any administrative task, access any file regardless of who owns it, and can create, manipulate, and even delete other users.
This level of power is dangerous. Yes
root make a mistake, the results can be catastrophic. They have the ability to mount and unmount file systems and completely overwrite them. A much safer way to work is to never log in as
Designated users can use
sudo to temporarily gain administrative powers, perform the required action, and then return to its normal, unprivileged state. This is safer because you consciously invoke your higher powers when you need them and while you are focused on doing whatever it is that requires them.
sudo The command is the Linux equivalent of yelling “Shazam”. When the scary stuff is over, you ditch your overpowered alter ego and revert to your normal, humdrum self.
Sign in as
root it’s off by default in most modern distributions, but it can be reset. It is not recommended to use the root account for daily work. Bugs that would normally affect a single user, or would be blocked entirely due to insufficient privileges, can run unhindered if
root emits them.
Modern Linux Distributions Grant
sudo privileges to the user account that is created during the installation or post-installation configuration steps. If someone else tries to use
sudo You will see a warning message like this:
mary is not in the sudoers file. This incident will be reported.
That seems pretty clear. our user
mary I can not use
sudo because she is not “in the sudoers file”. So let’s see how we can add it.
RELATED: How to control access to sudo in Linux
The sudoers and visudo file
Before anyone can use the
sudo command we have to work with the
sudoers proceedings. This lists the user groups of users who can use
sudo. If we need to make modifications to the file, we must edit it.
sudoers proceedings have to be opened using the
visudo domain. This blocks the
sudoers file and prevents two people from trying to make changes at the same time. It also performs some sanity checks before saving your edits, making sure they parse correctly and are syntactically sound.
visudo is not an editor, it starts one of its available editors. On Ubuntu 22.04, Fedora 37 and Manjaro 21,
visudo launched nano. That might not be the case on his computer.
If we want to give someone full access
sudo privileges, we only need to refer to certain information from the
sudoers proceedings. If we want to be more granular and give our user some of the capabilities of
rootwe need to edit the file and save the changes.
Either way, we need to use
RELATED: How to exit the Vi or Vim editor
Add a new sudo user in Ubuntu and other Linux distributions
We have two users who need access to root privileges in order to perform their job functions. They are Tom and Mary. Maria needs to have access to everything.
root can do. Tom just needs to install apps.
Let’s add Mary to the sudoers group first. we have to start
Scroll down the editor until you see the “Specify User Privileges” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.”
We are told that the members of the
sudo The group can execute any command. All we need to know in Mary’s case is the name of that group. Is not always
sudo ; can be
wheel or something else. Now that we know the name of the group, we can close the editor and add Mary to that group.
we are using the
usermod command with the
-a (add) and
-G (group name) options. the
-G The option allows us to name the group we would like to add the user to, and the
-a option says
usermod to add the new group to the list of existing groups that this user is already in.
If you don’t use the
-a option, the only group your user will be in is the newly added group. Please check again and make sure you have included the
sudo usermod -aG sudo mary
The next time Mary logs in, she will have access to
sudo. We are logged in and are trying to edit the file system table file, “/etc/fstab”. This is a file that is off limits to all but
sudo nano /etc/fstab
The nano editor opens with the “/etc/fstab” file loaded.
sudo privileges, you will only be able to open it as a read-only file. Mary no longer has those restrictions. She can save any changes she makes.
Close the editor and No save the changes you have made.
Limit sudo privileges by editing the sudoers file
Our other user, Tom, will be granted permission to install software, but will not receive all of the privileges that Mary was granted.
We need to edit the
Scroll down the editor until you see the “Specify User Privileges” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.” It’s the same point in the file where we found the name of the group we needed to add Mary to.
Add these lines below that section.
# user tom can install software tom ALL=(root) /usr/bin/apt
The first line is a simple comment. Note that there is a tab between the username “tom” and the word “Everyone”.
This is what the items on the line mean.
- Thomas: The username default group. This is usually the same as your user account name.
- ALL =: This rule applies to all hosts on this network.
- (root): Members of the group “tom”, i.e. the user Tom, can assume
rootprivileges, for the listed commands.
- /usr/bin/apt: This is the only command that user Tom can execute as
We have specified the
apt package manager here because this computer uses Ubuntu Linux. You will need to replace this with the appropriate command if you are using a different distribution.
Let’s log in with Tom and see if we get the expected behavior. We will try to edit the “/etc/fstab” file.
sudo nano /etc/fstab
That command is rejected and we are told that “user tom cannot run ‘/usr/bin/nano/etc/fstab’ as root…”
That’s what we wanted. User Tom is supposed to only be able to use the
apt packaging manager. Let’s make sure they can do that.
sudo apt install neofetch
The command is executed successfully for Tom.
Anyone who has this command
If all your users can use
sudo, you will have the chaos in your hands. But it’s worth promoting to other users so they can share your administrative burden. Just make sure they are worthy and keep an eye on them.
Even if you are the only user on your computer, it is worth considering creating another user account and giving it full access to
sudo. That way, if you ever find yourself locked out of your primary account, you have another account you can log in with to try and remedy the situation.
RELATED: How to check the use of the sudo command in Linux