How to add user to sudoers or sudo group in Ubuntu



Author: Omer Cakmak
Reviewer: Deepak Prasad

In most organizations you will not get root access on Linux systems; instead you will get sudo-level access. So you might wonder what sudo is, and how it can allow you to run only specific commands and not all commands.

This tutorial answers those questions and shows how to add a user to the sudo group so that the user can perform tasks which would otherwise be allowed only to the root user.

sudo stands for "superuser do", i.e. a normal user gets the power of the superuser, which in Linux is the root user. So using sudo, a normal user can run all those commands which require root-level access.

 

What is the right method to provide sudo permission to a user?

Before I explain how to add a user to either sudoers or the sudo group, you should clearly understand the difference and choose the method that fits your requirement.

In Ubuntu and in most Linux distributions you will find a group named "sudo", which is created by default:

# grep sudo /etc/group
sudo:x:27:deepak

This group has complete access to execute all root-level commands through its rule in /etc/sudoers:

# grep ^%sudo /etc/sudoers
%sudo	ALL=(ALL:ALL) ALL

This means that if you want a specific user to be able to run each and every system command with sudo privilege, you can simply make that user part of the sudo group.

But if you want to narrow down the sudo access, i.e. if you want a user to be allowed to run only some pre-defined commands, then you should update the rules inside /etc/sudoers or create a new file inside /etc/sudoers.d.

I hope the difference is now clear and you can choose the right method: add the user to sudoers or to the sudo group.

 

1. Add user to sudo group

Ironically, to perform this step you need sudo or root-level access yourself. I hope you were not thinking of doing it as a normal user, as that would defeat the whole purpose of implementing security.

Assuming you have sudo or root access, you can use a couple of methods to add a user to the sudo group.

Using usermod command:

sudo usermod -aG sudo username

Pass the -a (append) and -G (groups) options to usermod. The group name comes first, followed by the user name.

NOTE:
If the -a option is not used, -G replaces the user's list of supplementary groups instead of appending to it: the user is removed from every supplementary group they currently belong to and ends up only in the sudo group. We use -a because we only want to add the user to one more group.

Using adduser command:

Alternatively, you can use the adduser command to add a user to the sudo group. This command is slightly more verbose and interactive:

sudo adduser username sudo

This command does the same thing as usermod but is often considered more user-friendly for beginners. The user will need to re-authenticate or restart their session to apply these new permissions.

Using gpasswd command:

To add a user to the sudo group with gpasswd, you would use the following command:

sudo gpasswd -a username sudo

Here, -a stands for "add", username should be replaced with the actual user's name, and sudo is the name of the group to which the user is being added.

You can choose any of the above methods. Afterwards, verify that the user was added to the sudo group:

[foc@rocky9 ~]$ sudo cat /etc/group | grep sudo
sudo:x:27:deepak,foc,faruk

[foc@rocky9 ~]$ groups faruk
faruk : faruk sudo
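A stricter version of the check above, as an added example that is not part of the original article: it matches the group name exactly and also reports accounts whose primary group is sudo, which never appear in the member list of /etc/group. The function names and the sample files are constructed for illustration, and only local files are read.

```sh
#!/bin/sh
# members_of GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints every account in GROUP, one per line, sorted. Reads local files only;
# groups served by a directory service (LDAP/AD) are not covered.
members_of() (
    group=$1 group_file=${2:-/etc/group} passwd_file=${3:-/etc/passwd}
    # Match the group name exactly; a plain "grep sudo" also hits "sudo-audit".
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || exit 1
    {
        # Supplementary members: the comma-separated fourth field.
        awk -F: -v g="$group" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$group_file"
        # Accounts whose primary GID is this group are not in that list.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
)

# Constructed sample data: "svc" has sudo (GID 27) as its primary group,
# "carol" is only in the similarly named group "sudo-audit".
demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    printf '%s\n' 'sudo:x:27:deepak,foc,faruk' \
                  'sudo-audit:x:1200:carol' > "$dir/group"
    printf '%s\n' 'deepak:x:1000:1000::/home/deepak:/bin/bash' \
                  'carol:x:1003:1003::/home/carol:/bin/bash' \
                  'svc:x:1500:27::/home/svc:/bin/bash' > "$dir/passwd"
    members_of sudo "$dir/group" "$dir/passwd"
)

demo
```

Run `members_of sudo` with no file arguments to audit the live /etc/group and /etc/passwd.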

 

2. Add user to sudoers

As I already explained above, use this method if you want to control the level of access you give to a user. /etc/sudoers is the main configuration file, and editing it directly is generally not recommended, so we create a new file inside /etc/sudoers.d and manage the sudo policy there.

IMPORTANT NOTE:
I cannot repeat this enough: always use the visudo command when updating /etc/sudoers or any file inside /etc/sudoers.d, to avoid syntax errors that could potentially lock you out of the system.

Suppose you want to allow user deepak to restart the apache2 service. We can create a new rule file for user deepak inside /etc/sudoers.d:

sudo visudo -f /etc/sudoers.d/deepak

and add the following entry:

deepak ALL=NOPASSWD: /bin/systemctl restart apache2

This line allows deepak to run the systemctl restart apache2 command through sudo without being asked for a password. I have written a separate article covering more simple and advanced examples, which you can check at How to add user to sudoers with best practices & examples.
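One way to deploy the rule above without an interactive editor, for instance from a provisioning script. This is an added example, not code from the original article: install_dropin and the VISUDO override are hypothetical names, and the file-name check reflects sudo's documented behaviour of skipping files in /etc/sudoers.d whose names contain a "." or end in "~".

```sh
#!/bin/sh
# install_dropin NAME RULE_FILE [DEST_DIR]
# Validates RULE_FILE with "visudo -c" and installs it as DEST_DIR/NAME with
# mode 0440. Returns 2 for a bad name, 3 for a syntax error.
# Run as root when DEST_DIR is the real /etc/sudoers.d.
install_dropin() (
    name=$1 src=$2 dest=${3:-/etc/sudoers.d}
    # sudo silently skips drop-ins whose name contains "." or ends in "~",
    # so a file such as "deepak.conf" would never take effect.
    case $name in
        ''|*/*|*.*|*"~") echo "refusing file name '$name'" >&2; exit 2 ;;
    esac
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    cp "$src" "$tmp" || exit 1
    # -c = check only, -f = file to check. Nothing is installed unless the
    # staged copy parses cleanly. VISUDO is a hypothetical override so the
    # checker can be replaced when testing this function.
    "${VISUDO:-visudo}" -cf "$tmp" >/dev/null || {
        echo "syntax check failed, $dest/$name left untouched" >&2
        exit 3
    }
    install -m 0440 "$tmp" "$dest/$name"
)

# Usage with the rule from this article (constructed paths):
#   printf 'deepak ALL=NOPASSWD: /bin/systemctl restart apache2\n' > /tmp/deepak.rule
#   install_dropin deepak /tmp/deepak.rule
```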

 

Summary

In this tutorial we learned how to add a user to either the sudo group or sudoers, based on the requirement. To summarise, if you want to provide complete root-level access to a user, you can add them to the sudo group using commands such as usermod, adduser or gpasswd. But if you want to give controlled access to a user, you should add them to /etc/sudoers using the visudo command.

 


1 thought on “How to add user to sudoers or sudo group in Ubuntu”

  1. Good Day, I think this documentation is good.
    But I think how to add a Domain Group?

    I tested
    sudo:x:27:%Domainname:lokaladmin

    But the System asks to lokaladmin not for my Domain User, that is login and is super user.
    Please give an answer.
    Greeting
    Jan
