How I can provide administrative permissions to the specific user or group in Ubuntu Linux? Believe me or not, but this is the most commonly asked question, and the answer is relatively straightforward and easy. You need to use sudo utility. In Linux based system such as Ubuntu, you need to use the usermod command to add a user to the sudo group. Users in the sudoers group has root or administrator rights that allow them to open files and execute commands in a privileged way.

In this guide, we will demonstrate the complete process of adding a user to the sudo group in Ubuntu. Why this is important? This approach allows following the principle of least privilege which is the essential part of Linux OS security. If the user does not have the required access to some utility, then the system administrator typically can grant this access. Here’s our quick beginner’s guidance on that topic.

The ‘sudo’ utility

Sudo stands for ‘superuser do‘. It is a command that Linux users utilize for executing system-related tasks with privileged or elevated privileges. When you run a system command as a regular user, you need to invoke sudo before the command you wish to execute in privileged more. The sudo command is the preferred method to deal with elevated permissions. Standard users in any operating system are not allowed to perform sensitive tasks such as accessing the content of the /root directory, for example. This approach enables you to avoid accidental execution of commands which may have destructive consequences.

Install ‘sudo’

If you just launched a new server in the cloud or launched Ubuntu Docker container, sudo utility may not be installed. To install it, use the following command (you have to log in to the OS as root user):

apt-get update
apt-get install sudo -y

As soon as you installed sudo, let’s take a look at the easiest way to grant a new user access to use it at your Ubuntu system.

Adding a new user to ‘sudo’ group in Ubuntu

First, you need to use adduser command to add a new regular non-privileged user to the operating system:

adduser user1

After executing this command, the system will ask for the new user password, Full name, and other credentials related to the newly created user. Write out all the required information and then move toward the next step.

Now you can use usermod command to add user1 user to the sudo group. This will automatically allow the user to execute any command with elevated privileges, on behalf of the root user, for example.

usermod -aG sudo user1

To check applied changes execute the following command:

groups user1

To verify the executed changes, log in to the OS using user1 user account, and try to list /root folder:

ls -al /root

You should get “ls: cannot open directory ‘/root’: Permission denied” error message because the OS does not allow users to access home each other’s folders. But administrative root user can do that. Let’s elevate our privileges using sudo and execute the same command:

sudo ls -al /root

After entering user1 user password, you should be able to see the content of the /root folder.

Using ‘sudoers’ file in Ubuntu

The sudo command very powerfull and you can change its configuration it in file called sudoers located in /etc directory.

To edit this file, you should use visudo utility. Do not use any other text editor because visudo automatically checks your configuration changes for typos and syntax errors to prevent you from breaking up something. Command execution is simple:

sudo visudo

sudoers file is very well documented:

To get more information about file syntax use man:

man sudo

Remove password request from ‘sudo’

Let’s make a small change and configure sudo utility to stop asking user password when the users of sudo group are using it.

To make it happen, move cursor to the line:

%sudo ALL=(ALL:ALL) ALL

Press i to change switch visudo to edit mode and change the line like this:

%sudo ALL=(ALL) NOPASSWD: ALL

To save changes press Esc to exit from the edit mode, then “Shift + :“, type wq and press Enter. This command sequence will save the changes and exit visudo.

Now, the sudo utility will stop asking password every time users included in sudo group using it.

Granting user access to specific commands only

You can also configure sudo utility to provide administrative access to a specific commands only. That is very helpful when you do not want to give your users complete administrative access to entire operating system, but allow them to manually reboot the server if needed.

To allow users execute specific commands only it is recommended to put them to a separate group and add a separate configuration to a sudoers file.

Let’s add group power_users and add its members permissions to execute halt, reboot and poweroff commands without password.

First, we need to create a separate group:

sudo addgroup power_users

Here’s an execution output:

Now, add the following line to sudoers file:

%power_users ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff

Finally, you can use usermod command to add required users to the power_users group to give them the ability to reboot the server when needed.

Summary

In this article, we covered the basics of granting users required permissions in Ubuntu Linux using sudo utility. We hope, this article was useful for your needs. If so, please, help us to spread it to the world.

Related articles

• Serverless Framework – Building Web App using AWS Lambda Amazon API Gateway S3 DynamoDB and Cognito – Part 1
• [The Ultimate Guide] – AWS Lambda Real-world use-cases
• Terraform – Managing AWS VPC – Creating Public Subnet
• Terraform – Managing Auto Scaling Groups & Load Balancers
• 7 Ways to Check Ubuntu Version on Your Server