Table of contents
How I can provide administrative permissions to the specific user or group in Ubuntu Linux? Believe me or not, but this is the most commonly asked question, and the answer is relatively straightforward and easy. You need to use
sudo utility. In Linux based system such as Ubuntu, you need to use the
usermod command to add a user to the
sudo group. Users in the sudoers group has root or administrator rights that allow them to open files and execute commands in a privileged way.
In this guide, we will demonstrate the complete process of adding a user to the
sudo group in Ubuntu. Why this is important? This approach allows following the principle of least privilege which is the essential part of Linux OS security. If the user does not have the required access to some utility, then the system administrator typically can grant this access. Here’s our quick beginner’s guidance on that topic.
The ‘sudo’ utility
Sudo stands for ‘superuser do‘. It is a command that Linux users utilize for executing system-related tasks with privileged or elevated privileges. When you run a system command as a regular user, you need to invoke
sudo before the command you wish to execute in privileged more. The
sudo command is the preferred method to deal with elevated permissions. Standard users in any operating system are not allowed to perform sensitive tasks such as accessing the content of the
/root directory, for example. This approach enables you to avoid accidental execution of commands which may have destructive consequences.
If you just launched a new server in the cloud or launched Ubuntu Docker container,
sudo utility may not be installed. To install it, use the following command (you have to log in to the OS as root user):
apt-get update apt-get install sudo -y
As soon as you installed sudo, let’s take a look at the easiest way to grant a new user access to use it at your Ubuntu system.
Adding a new user to ‘sudo’ group in Ubuntu
First, you need to use
adduser command to add a new regular non-privileged user to the operating system:
After executing this command, the system will ask for the new user password, Full name, and other credentials related to the newly created user. Write out all the required information and then move toward the next step.
Now you can use
usermod command to add
user1 user to the
sudo group. This will automatically allow the user to execute any command with elevated privileges, on behalf of the
root user, for example.
usermod -aG sudo user1
To check applied changes execute the following command:
To verify the executed changes, log in to the OS using user1 user account, and try to list
ls -al /root
You should get “ls: cannot open directory ‘/root’: Permission denied” error message because the OS does not allow users to access home each other’s folders. But administrative root user can do that. Let’s elevate our privileges using
sudo and execute the same command:
sudo ls -al /root
user1 user password, you should be able to see the content of the
Using ‘sudoers’ file in Ubuntu
sudo command very powerfull and you can change its configuration it in file called
sudoers located in
To edit this file, you should use
visudo utility. Do not use any other text editor because
visudo automatically checks your configuration changes for typos and syntax errors to prevent you from breaking up something. Command execution is simple:
sudoers file is very well documented:
To get more information about file syntax use
Remove password request from ‘sudo’
Let’s make a small change and configure
sudo utility to stop asking user password when the users of
sudo group are using it.
To make it happen, move cursor to the line:
%sudo ALL=(ALL:ALL) ALL
Press i to change switch
visudo to edit mode and change the line like this:
%sudo ALL=(ALL) NOPASSWD: ALL
To save changes press Esc to exit from the edit mode, then “Shift + :“, type wq and press Enter. This command sequence will save the changes and exit
sudo utility will stop asking password every time users included in
sudo group using it.
Granting user access to specific commands only
You can also configure
sudo utility to provide administrative access to a specific commands only. That is very helpful when you do not want to give your users complete administrative access to entire operating system, but allow them to manually reboot the server if needed.
To allow users execute specific commands only it is recommended to put them to a separate group and add a separate configuration to a sudoers file.
Let’s add group
power_users and add its members permissions to execute
poweroff commands without password.
First, we need to create a separate group:
sudo addgroup power_users
Here’s an execution output:
Now, add the following line to
%power_users ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
Finally, you can use
usermod command to add required users to the
power_users group to give them the ability to reboot the server when needed.
In this article, we covered the basics of granting users required permissions in Ubuntu Linux using
sudo utility. We hope, this article was useful for your needs. If so, please, help us to spread it to the world.