Table of Contents
Sudo is the name of the group and authority used to perform authorized user operations in Linux operating systems. It used to mean "superuser do", but now it means "substitute user, do".
Users are authorized by adding/removing from this group. So much so that to add to this group, you must either be root user or be in the sudo group.
Another authorization method related to sudo is to write to sudoers file. You can review the article "How to add user to sudoers with best practices & examples" on this subject.
We will now show the add/remove method to the group and its effects on the system.
What is sudo group?
In Ubuntu we have a group named "sudo" created by default
# grep sudo /etc/group
sudo:x:27:deepak
and this group is allowed all the root level access inside /etc/sudoers
.
# grep ^%sudo /etc/sudoers
%sudo ALL=(ALL:ALL) ALL
As you can see, all usera part of sudo
group will have all the sudo access.
So if you want to assign sudo access to any of the system user then it can be added to sudo group. In this tutorial we will learn different ways to add user to sudo group in Ubuntu.
Different methods to add user to sudo group
Method -1- Add to Group with Usermod Command
With sudo an authorized user or root user, the user is added to the sudo group as follows:
[foc@rocky9 ~]$ sudo usermod -aG sudo faruk
After the usermod command, -a
(append) and -G
(group) parameters should be written. The group name is added first, followed by the user name.
-a
parameter is not used, the user leaves the groups he owns and only joins the sudo group i.e. the command will overwrite all the existing group instead of append operation. We just used the -a
parameter because we wanted to add the user to a new group.As a result, the user is added to the sudo group:
[foc@rocky9 ~]$ sudo cat /etc/group | grep sudo sudo:x:27:deepak,foc,faruk [foc@rocky9 ~]$ groups faruk faruk : faruk sudo
Method -2- Add user to sudo group with gpasswd command
We can also use gpasswd command to add user to another group. The gpasswd command's syntax is different. First the user is written, followed by the group name to be added:
[foc@rocky9 ~]$ sudo gpasswd -a faruk sudo
Adding user faruk to group sudo
Now the faruk user has sudo privileges.
Method -3- Manually configuring the group file
In Linux operating systems, groups and users added to groups are located in the /etc/group
file. You can edit the related group by opening this file with the help of an editor:
[foc@rocky9 ~]$ sudo vi /etc/group
The following line:
sudo:x:27:deepak
Edited by adding a new user separated with ",
".
sudo:x:27:deepak,faruk
A comma "," should be added between users for each newly added user.
How to remove user from sudo group?
So far, we have explained how to add to the group. So how do we remove the user from the sudo group?
For this we will use the -d
parameter of the gpasswd command:
[foc@rocky9 ~]$ sudo gpasswd -d faruk sudo
Now let's query the user's groups again:
[foc@rocky9 ~]$ groups faruk
faruk : faruk
[foc@rocky9 ~]$ sudo cat /etc/group | grep sudo
sudo:x:27:deepak
Summary
For help with usermod and gpasswd commands, the following commands should be run in terminal:
[foc@rocky9 ~]$ man usermod [foc@rocky9 ~]$ man gpasswd
Care should be taken when giving and receiving authorization. As a result of wrong authorization, you may be out of your system.
Another thing to be aware of is editing the group file. The commands (usermod, gpasswd) to manage the sudo group are safer.
References
docs.rockylinux.org - User Management(Usermod)
docs.rockylinux.org - User Management(Gpasswd)
Good Day, I think this documentation is good.
But I thnik how to add an Domain Group?
I tested
sudo:x:27:%Domainname:lokaladmin
But the System ask to lokaladmin not for my Domain User , that is login and is super user.
Please give an answer.
Greeting
Jan