How To Add Users To The Sudoer File On Linux
The terminal command that most Linux users, new and old, are familiar with is sudo. With it, a user can execute a Root level command without needing to log into the system account. This is incredibly convenient, not to mention useful for those who hate logging in and out of Root to get things done. As a bonus, sudo makes Linux systems more secure.
These days, sudo isn’t thought much about. During Linux installation, it usually is automatically set up and ready to go.
Install Sudo
Though it might sound a bit weird, not all Linux distributions come with sudo configured right away. In some rare cases, it may not even be installed. As a result, you’ll actually need to install it. Installing sudo is quite easy, and available on everything Linux related. Head over to Pkgs.org, and learn the packages you’ll need to get sudo installed on your Linux PC. Alternatively, follow the commands below to install it on your operating system.
Note: the installation instructions outline how to install sudo on Linux distributions that may not have sudo out of the box, or have it fully configured, etc.
Debian
su - apt-get install sudo
Arch Linux
su - pacman -S sudo
Fedora
su - dnf install sudo
OpenSUSE
su - zypper install sudo
Gentoo/Funtoo
su -
emerge app-admin/sudo
Add Users To sudo Via Groups
By far the easiest way to manage users in the Sudoer file is to create a group that can access sudo, then add them to the specific group. Often times, setting up sudo in this way works by adding users to the “wheel” group, or, alternatively, the “sudo” group.
Depending on your Linux operating system, the group may vary. To confirm what group system it uses, run the cat command and read /etc/sudoers/.
su - cat /etc/sudoers | more
Look for a line that says “Allow members of group sudo to execute any command”. Underneath it, there should be one of these two lines:
%sudo ALL=(ALL:ALL) ALL
or
%wheel ALL=(ALL:ALL) ALL
Take note of what group (wheel or sudo) that is at the start of the line, and then add your existing user to that group to give it sudo privileges.
su –
usermod -a -G sudo yourusername
or
usermod -a -G wheel yourusername
Be sure to repeat this process for each user you wish to give sudo access to.
Add Users To Sudoer File Directly
Another way of granting sudo access to users is by specifically specifying them in the Sudoer File. This is a little more involved than the last method, but preferable if you don’t like dealing with the group system on Linux. To start off, open up a terminal and log into Root with su.
su -
Now that the shell has Root access, it’s time to edit the /etc/sudoers file. Please note that editing this file MUST be done with the visudo command. Editing /etc/sudoers directly will break things and is dangerous. Instead, try:
EDITOR=nano visudo
Placing EDITOR in front of the visudo command will allow us to modify /etc/sudoers with Nano, rather than the Vi text editor. From here, scroll down and find “User privilege specification”. Underneath the line that specifies “Root”, add a new privilege line for your user:
username ALL=(ALL:ALL) ALL
Save Nano with Ctrl + O and close it with Ctrl + X. From here on, your user should be able to use commands via sudo.
Passwordless sudo
Passwordless sudo works like traditional sudo privileges. To enable it, you’ll need to specify via the Sudoer file. Some Linux distributions have a version of sudo that can easily be configured. Others don’t have any reference to “passwordless sudo” at all.
To determine if your operating system’s Sudoer file already supports it, run the cat command.
cat /etc/sudoers/ | more
First, open up the Sudero file and comment out:
%sudo ALL=(ALL:ALL) ALL
or
%wheel ALL=(ALL:ALL) ALL
Disabling these lines to turn off “password sudo”. Next, look through and find “Same thing without a password”. Remove the # from in front of the line. Save the editor with Ctrl + O, and Ctrl + X. Saving should automatically enable passwordless sudo on your Linux PC.
Disable sudo For Specific Users
The best way to disable sudo for specific users is to follow the instructions above and only add it on a per-user basis. If this doesn’t fit with your workflow, and you prefer to give sudo privileges to users via groups, a good way to prevent certain users from accessing this command is to remove the group from their account. To do this, run:
su - gpasswd -d sudo
or
gpasswd -d wheel
After removing the user from the sudo group, there’s no way for it to use the command to execute system-level operations.
