Table of contents
How can I provide administrative permissions to the specific user or group in Ubuntu Linux? Believe me or not, this is the most commonly asked question, and the answer is relatively straightforward. You need to use sudo utility. In Linux based system such as Ubuntu, you need to use the usermod command to add a user to the sudo group. Users in the sudoers group have root or administrator rights that allow them to open files and execute commands in a privileged way.
This guide will demonstrate the complete process of adding a user to the sudo group in Ubuntu. Why is this important? This approach allows following the principle of least privilege, which is essential to Linux OS security. If the user does not have the required access to some utility, then the system administrator typically can grant this access. Here’s our quick beginner’s guidance on that topic.
The ‘sudo’ utility
Sudo stands for ‘superuser do‘. It is a command that Linux users utilize for executing system-related tasks with privileged or elevated privileges. When you run a system command as a regular user, you need to invoke sudo
it before the command you wish to execute in privileged more. The sudo
command is the preferred method to deal with elevated permissions. Standard users in any operating system are not allowed to perform sensitive tasks such as accessing the content of the /root
directory, for example. This approach enables you to avoid the accidental execution of commands which may have destructive consequences.
Install ‘sudo’
If you just launched a new server in the cloud or launched Ubuntu Docker container, the sudo utility may not be installed. To install it, use the following command (you have to log in to the OS as a root user):
apt-get update
apt-get install sudo -y
As soon as you install sudo, let’s look at the easiest way to grant a new user access to use it on your Ubuntu system.
Adding a new user to ‘sudo’ group in Ubuntu
First, you need to use the adduser
command to add a new regular non-privileged user to the operating system:
adduser user1
After executing this command, the system will ask for the new user’s password, Full name, and other credentials related to the newly created user. Write out all the required information and then move toward the next step.
Now you can use usermod
command to add user1
user to the sudo
group. This will automatically allow the user to execute any command with elevated privileges on behalf of the root
user, for example.
usermod -aG sudo user1
To check applied changes, execute the following command:
groups user1
To verify the executed changes, log in to the OS using user1 user account, and try to list /root
folder:
ls -al /root
You should get the “ls: cannot open directory ‘/root’: Permission denied” error message because the OS does not allow users to access each other’s home folders. But the administrative root user can do that. Let’s elevate our privileges using sudo
and execute the same command:
sudo ls -al /root
After entering user1
user password, you should be able to see the content of the /root
folder.
Using ‘sudoers’ file in Ubuntu
The sudo
command is very powerful, and you can change its configuration in a file called sudoers
located in /etc
directory.
To edit this file, you should use visudo
utility. Do not use any other text editor because visudo
automatically checks your configuration changes for typos and syntax errors to prevent you from breaking up something. Command execution is simple:
sudo visudo
The sudoers
file is very well documented:
To get more information about file syntax use man
:
man sudo
Remove password request from ‘sudo’
Let’s make a small change and configure sudo
utility to stop asking for a user password when users of the sudo
group are using it.
To make it happen, move the cursor to the line:
%sudo ALL=(ALL:ALL) ALL
Press i
to change switch visudo
to edit mode and change the line like this:
%sudo ALL=(ALL) NOPASSWD: ALL
To save changes, press Esc
to exit from the edit mode, then Shift + :
, type wq
, and press Enter
. This command sequence will save the changes and exit visudo
.
Now, the sudo
utility will stop asking the password every time users included in sudo
group using it.
Granting user access to specific commands only
You can also configure sudo
utility to provide administrative access to specific commands only. That is very helpful when you do not want to give your users complete administrative access to the entire operating system but allow them to manually reboot the server if needed.
To allow users to execute specific commands only, it is recommended to put them in a separate group and add a separate configuration to a sudoers file.
Let’s add group power_users
and add its members’ permissions to execute halt, reboot, and poweroff commands without a password.
First, we need to create a separate group:
sudo addgroup power_users
Here’s an execution output:
Now, add the following line to sudoers
file:
%power_users ALL=NOPASSWD: /sbin/halt, /sbin/reboot, /sbin/poweroff
Finally, you can use usermod
command to add required users to the power_users
group to give them the ability to reboot the server when needed.
Summary
This article covered the basics of granting users required permissions in Ubuntu Linux using the sudo utility. We hope this article was useful for your needs. If so, please, help us to spread it to the world.
Related articles
- The Best Linux Distribution for your next cloud server
- Serverless Framework – Building Web App using AWS Lambda Amazon API Gateway S3 DynamoDB and Cognito – Part 1
- [The Ultimate Guide] – AWS Lambda Real-world use-cases
- Terraform – Managing AWS VPC – Creating Public Subnet
- Terraform – Managing Auto Scaling Groups & Load Balancers
- 7 Ways to Check Ubuntu Version on Your Server
I’m a passionate Cloud Infrastructure Architect with more than 15 years of experience in IT.
Any of my posts represent my personal experience and opinion about the topic.