This post may contain affiliate links/ads and I may earn a small commission when you click on the links/ads at no additional cost to you. As an Amazon Affiliate, I earn from qualifying purchases. Techsphinx also participates in the StationX Affiliate program. You can read my full disclaimer here.
In this tutorial, I am going to show you how to grant sudo access to any user by adding that user to the sudoers file on Linux.
Using the sudo (short for Super-user do) command, you can execute commands or run programs with the security privileges of another user (By default, the superuser – root).
The sudoers file contains the configuration that determines which users or groups are granted with sudo privileges, as well as the level of user privileges (which user can run what).
Pre-Requisites to Add user to Sudoers file
- Any Linux-based system (Ubuntu, Debian, CentOS) up and running.
- Access to the root account on your Linux System
Login to Linux system
First and foremost, login to your Linux system graphically or via remote login using ssh.
ssh [email protected]_ip
Replace “server_ip” with the IP address of the Linux server.
Create a new user account
Once, logged in using the root account, create a new user for whom you want to grant sudo access.
If you want to give sudo access to an existing user, then skip this step.
Replace “username” with your desired username.
3 ways to Grant Sudo access to a User
I am showing you three ways in which you can grant sudo access to the user.
1. Adding the User to Sudo Group
The easiest way of granting sudo access to a user is to add the user to the sudo group. The members of the sudo group are granted sudo access.
To add the user to the sudo group run the following command.
usermod -aG sudo username
Replace “username” with your desired username.
This is the easiest way, but if you want more control over granting the sudo access to the user, then grant sudo access by editing the sudoers file.
2. Adding User to the Sudoers File
To edit the sudoers file, we will use the visudo command.
Using the visudo command is better than using any regular command-line text editor to edit the sudoers file as it checks for any syntax errors, you may have made while editing the file.
When you run the visudo command, you’ll notice that it is using the vim or nano text editor. This is specified in the EDITOR environment variable.
If you want to edit the sudoers file with nano, then set the variable to:
Now, when you run the visudo command, you’ll get the nano text editor to edit the sudoers file.
Also, if the default visudo EDITOR variable is set to nano, you can change it to vim editor using:
Now, to edit the sudoers file, run the command:
Once the editor is open, follow any one of the methods mentioned below to grant sudo privileges.
To grant sudo access to any user.
Add the following line to the file.
username ALL=(ALL:ALL) ALL
Replace “username” with your desired username before saving the file and quitting the editor.
This will grant sudo access to your desired user.
To grant sudo access without prompting for the password.
Whenever you use the sudo command, it will prompt for the password of the user. Only after entering the password, the command will be executed.
If you want to allow the user to run sudo commands without being asked for a password, then add this line:
username ALL=(ALL:ALL) NOPASSWD:ALL
Replace “username” with your desired username, then save the file and quit the editor.
To grant sudo access for specific commands.
You can also grant sudo access for running specific commands.
Just mention the full path of the command in place of the last “ALL”. If you want to mention multiple commands, then separate them with a comma(,).
You can find the full path of the command using the “which” command.
which -a mkdir
[email protected]:~$ which -a mkdir
Here’s an example to grant sudo access for running mkdir and mv command.
username ALL=(ALL:ALL) /bin/mkdir,/bin/mv
You can also use the NOPASSWD option to allow the user to run sudo commands without being asked for a password.
username ALL=(ALL:ALL) NOPASSWD:/bin/mkdir,/bin/mv
3. Creating a file in the sudoers.d directory
You can also grant sudo access by creating a new configuration file in the /etc/sudoers.d directory. The files inside this directory are included in the sudoers file.
You can create a new file manually in the /etc/sudoers.d directory and add the configuration manually or you can use the following command to achieve the same result.
echo "username ALL=(ALL:ALL) ALL" > /etc/sudoers.d/username
Don’t forget to replace “username” in the above command with your desired username.
Test Sudo access on Linux
To test the sudo access for the user, login with the user account or switch to the user account using the “su” (switch user) command.
su - username
Now, run the sudo command followed by “whoami” command.
Enter the password for the user (unless you have set the NOPASSWD option) and you’ll see the output of the command.
If you see root as output, that means sudo access is working properly.
Use sudo command on Linux
If you want to use any command with sudo access without adding it to the sudoers file or sudo group, you will get:
User is not in the sudoers file. This incident will be reported.
But once you add the user to the sudoers file, you can run any command/program with the sudo privileges.
For example, you cannot list files and folders present in the root directory without sudo access.
So, to list files under the root directory use “ls” command with sudo:
sudo ls /root
If you want to install any package or update software repository on your Linux system, you’ll need sudo access:
sudo apt update
Once you run the command with sudo, it will ask for a password for the user account with the sudo access. This will happen only once for each session.
Enter the password to execute the command with sudo privileges.
Using any of the 3 methods mentioned in this post, you can grant sudo access to your desired user.
If you are editing the sudoers file, then make sure you are using the “visudo” command.
That’s it for granting sudo access. If you have any questions, you can ask in the comments.