How to allow the user to use sudo in Ubuntu Linux

How can I provide administrative permissions to the specific user or group in Ubuntu Linux? Believe me or not, this is the most commonly asked question, and the answer is relatively straightforward. You need to use sudo utility. In Linux based system such as Ubuntu, you need to use the usermod command to add a user to the sudo group. Users in the sudoers group have root or administrator rights that allow them to open files and execute commands in a privileged way.

This guide will demonstrate the complete process of adding a user to the sudo group in Ubuntu. Why is this important? This approach allows following the principle of least privilege, which is essential to Linux OS security. If the user does not have the required access to some utility, then the system administrator typically can grant this access. Here’s our quick beginner’s guidance on that topic.

The ‘sudo’ utility

Sudo stands for ‘superuser do‘. It is a command that Linux users utilize for executing system-related tasks with privileged or elevated privileges. When you run a system command as a regular user, you need to invoke sudo it before the command you wish to execute in privileged more. The sudo command is the preferred method to deal with elevated permissions. Standard users in any operating system are not allowed to perform sensitive tasks such as accessing the content of the /root directory, for example. This approach enables you to avoid the accidental execution of commands which may have destructive consequences.

Install ‘sudo’

If you just launched a new server in the cloud or launched Ubuntu Docker container, the sudo utility may not be installed. To install it, use the following command (you have to log in to the OS as a root user):

apt-get update
apt-get install sudo -y

As soon as you install sudo, let’s look at the easiest way to grant a new user access to use it on your Ubuntu system.

Adding a new user to ‘sudo’ group in Ubuntu

First, you need to use the adduser command to add a new regular non-privileged user to the operating system:

adduser user1

After executing this command, the system will ask for the new user’s password, Full name, and other credentials related to the newly created user. Write out all the required information and then move toward the next step.

Now you can use usermod command to add user1 user to the sudo group. This will automatically allow the user to execute any command with elevated privileges on behalf of the root user, for example.

usermod -aG sudo user1

To check applied changes, execute the following command:

groups user1

To verify the executed changes, log in to the OS using user1 user account, and try to list /root folder:

ls -al /root

You should get the “ls: cannot open directory ‘/root’: Permission denied” error message because the OS does not allow users to access each other’s home folders. But the administrative root user can do that. Let’s elevate our privileges using sudo and execute the same command:

sudo ls -al /root

After entering user1 user password, you should be able to see the content of the /root folder.

Using ‘sudoers’ file in Ubuntu

The sudo command is very powerful, and you can change its configuration in a file called sudoers located in /etc directory.

To edit this file, you should use visudo utility. Do not use any other text editor because visudo automatically checks your configuration changes for typos and syntax errors to prevent you from breaking up something. Command execution is simple:

sudo visudo

The sudoers file is very well documented:

To get more information about file syntax use man:

man sudo

Remove password request from ‘sudo’

Let’s make a small change and configure sudo utility to stop asking for a user password when users of the sudo group are using it.

To make it happen, move the cursor to the line:

%sudo ALL=(ALL:ALL) ALL

Press i to change switch visudo to edit mode and change the line like this:

%sudo ALL=(ALL) NOPASSWD: ALL

To save changes, press Esc to exit from the edit mode, then Shift + :, type wq, and press Enter. This command sequence will save the changes and exit visudo.

Now, the sudo utility will stop asking the password every time users included in sudo group using it.

Granting user access to specific commands only

You can also configure sudo utility to provide administrative access to specific commands only. That is very helpful when you do not want to give your users complete administrative access to the entire operating system but allow them to manually reboot the server if needed.

To allow users to execute specific commands only, it is recommended to put them in a separate group and add a separate configuration to a sudoers file.

Let’s add group power_users and add its members’ permissions to execute halt, reboot, and poweroff commands without a password.

First, we need to create a separate group:

sudo addgroup power_users

Here’s an execution output:

Now, add the following line to sudoers file:

%power_users ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

Finally, you can use usermod command to add required users to the power_users group to give them the ability to reboot the server when needed.

Summary

This article covered the basics of granting users required permissions in Ubuntu Linux using the sudo utility. We hope this article was useful for your needs. If so, please, help us to spread it to the world.

Related articles

• The Best Linux Distribution for your next cloud server
• Serverless Framework – Building Web App using AWS Lambda Amazon API Gateway S3 DynamoDB and Cognito – Part 1
• [The Ultimate Guide] – AWS Lambda Real-world use-cases
• Terraform – Managing AWS VPC – Creating Public Subnet
• Terraform – Managing Auto Scaling Groups & Load Balancers
• 7 Ways to Check Ubuntu Version on Your Server