Search

How to add users to /etc/sudoers

Raphael Vieira
Raphael Vieira

Sudo permissions allow users to execute commands with elevated privileges. These permissions are set in the sudoers file to prevent accidental misuse of commands or to allow users to execute administrative commands. This article shows how to add users to sudoers.

The sudoers file is located in the directory /etc/sudoers or in the /etc/sudoers.d/.

Command line

RHEL and CentOS

  1. Become root by running su.
  2. Run the following command, replacing username with the actual username:
usermod -aG wheel username
  1. Log out and back in again.

Debian and Ubuntu

  1. Become root by running su.
  2. Run the following command, replacing username with the actual username:
usermod -aG sudo username
  1. Log out and back in again.
  2. On Debian you can verify if the user was added:
getent group sudo

The command usermod consists of the following components:

  • usermod command modifies a user account.
  • -aG is an option that adds the user to a specific group. The -a option adds a user to the group. It does that without removing them from the current groups. The -G option is used to state where to add the existing user.
  • wheel or sudo are the groups that are appended to the options mentioned above.
  • username is the user account you want to add to the sudo group.

This is a group configuration and it consists of adding users to the existing sudo group, promoting simplicity and ease of management.

Editing the sudoers file and specifying privileges for an individual user

  1. Edit the sudoers file using the visudo command:
sudo visudo

This command ensures that you are editing the sudoers file with the appropriate syntax checking.

  1. Locate the section that begins with %sudo or %admin. This is the section where you grant sudo privileges to members of a specific group.
#User privilege specification

root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
  1. Add the following line to the sudoers file, replacing username with the actual username:
username ALL=(ALL:ALL) ALL
  1. Save the changes and exit the editor. After that, you need to validate the syntax of the sudoers file. Use the following command:
sudo visudo -c

The command checks for syntax errors and provides feedback if any issues are detected.

This method is User-Specific Configuration: for more granular control, especially in environments with a limited number of users requiring elevated privileges, specifying privileges for individual users can be preferred.

Using sudo without password

Attention: Never use this for real servers since it's considered a security risk. However, for developers running a RHEL VM on your machine, this is a reasonable thing to do.

You can configure sudo to not ask for a password.

The default /etc/sudoers file contains two lines for group wheel; the NOPASSWD: line is commented out. Uncomment that line and comment out the wheel line without NOPASSWD. For example:

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

Was this article helpful?

0 out of 0 found this helpful