In today’s tutorial, we are going to see how you can add a user to sudoers on Debian distributions.
The sudo command allows authorized users to perform commands as another user, which is by default the root user.
There are two ways to add a user to sudoers : you can add this user to the sudo group or you can add this user to the sudoers file located at etc.
Here are the details of the two methods.
I – Adding an existing user to the sudo group
As a prerequisites, make sure that the sudo command is available by default. If it’s not the case, you can install it by running (with an account with admin rights)
$ apt-get update
$ apt-get install sudo
The first method is to add the user to the sudo group.
To do that, you are going to use the “usermod” command with the capital G flag (for groups)
$ sudo usermod -a -G sudo user
You can also use the gpasswd command to grand sudo rights.
$ sudo gpasswd -a bob sudo
Adding user to the group sudo
Make sure that the user belongs to the sudo group with the groups command.
$ su - user
(password for user)
$ groups
user sudo
You should now be able to perform a sudo request on Debian 10.
Depending on the configuration you chose during your Debian 10 installation process, you may or may not have access to a root account. If you chose a password for your root account, you will be able to connect to it. Otherwise, the default admin account is the one you created during the installation process.
II – Adding an existing user to the sudoers file
The sudoers file is located at /etc/sudoers.
This file contains a set of rules that are applied to determine who has sudo rights on a system, which commands they can execute with sudo privileges, and if they should be prompted a password or not.
However, you should never modify the sudoers file with a text editor.
Saving a bad sudoers may leave you with the impossibility of getting sudo rights ever again.
Instead, you are going to use visudo, a tool designed to make sure you don’t do any mistakes.
$ sudo visudo
This is what you should see.
At the end of the file, add a new line for the user.
john ALL=(ALL:ALL) ALL
By default, the account password will be asked every five minutes to perform sudo operations.
However, if you want to remove this password verification, you can set the NOPASSWD
option.
john ALL=(ALL:ALL) NOPASSWD:ALL
If you want the password verification to be skipped for longer periods of time, you can overwrite the timestamp_timeout (in minutes) parameter in your sudoers file.
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults timestamp_timeout=30
III – Adding a group to the sudoers file
Via the visudo, you can add an entire group to the sudoers.
This might be handy if you have a group for system administrators for example. In this case, you simply have to add a user to the system administrators group for him/her to be granted sudo privileges.
To add a group to the sudoers file, simply add a percent symbol at the beginning of the file.
%sysadmins ALL=(ALL:ALL) NOPASSWD:ALL
Make sure that your user is part of the designed group with the groups command.
$ su - user
$ groups
user sysadmins
You can test your new sudo rights by changing your password for example
$ sudo passwd
IV – Most Common Errors
- user is not in the sudoers file. This incident will be reported.
This is the standard error message you get when a user does not belong to the sudo group on Debian 10.
By adding this user to the sudoers file on Debian, this error message should not be raised anymore.
30 comments
An error in:
$ sudo gpasswd -a bob user <————————- need sudo, not user
Adding user to the group sudo
Should do so:
$ sudo gpasswd -a bob sudo
Thank you!
[…] you are not sure about how to add a user to sudoers, make sure to check the tutorial we wrote about […]
[…] To install locate, you will need sudo privileges on your Linux host. […]
[…] To prove that it provides the groups for the user that launched the command, try to launch the command with sudo privileges. […]
[…] : you need sudo privileges to inspect system services with […]
[…] In order to change your timezone on Debian 10, you will need to have sudo privileges on your host. […]
[…] that you will need sudo privileges on Debian 10 to run this […]
[…] In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host. […]
[…] of all, you need to have sudo rights on your Linux machine, otherwise you won’t be able to install InfluxDB on your […]
[…] you need to add a user to sudoers on Debian, there is a tutorial for […]
[…] default, you will need privileged rights in order to run this command, so make sure that you have sudo rights either on Debian based distributions, or on Red Hat based […]
[…] In order to add swap space on Debian 10 Buster, you need to have sudo privileges on your host. […]
[…] some directories, you will need to have sudo privileges (on Debian/Ubuntu, or on […]
[…] you are looking for resources in order to be sudo on Debian/Ubuntu or on RHEL/CentOS, make sure to take a look at our dedicated […]
[…] you are not sure how to give sudo rights to users on Debian/Ubuntu or CentOS/RHEL, make sure to check our dedicated guides on the […]
[…] one guide for Debian based systems and one for Red Hat based […]
[…] running the passwd command, make sure that you have sudo rights on your Debian 10 […]
[…] of all, you need to have sudo rights on your Linux machine; otherwise, you won’t be able to install InfluxDB on your […]
[…] you are not sure on how to provide sudo rights for users on Debian 10 or CentOS 8, make sure to read our dedicated guides about […]
The instructions on debian 10 are not quite correct. The line that you need to add to the bottom is:
“john ALL=(ALL:ALL) NOPASSWD:ALL”
There is no $ sign. I’m sure that this is a simple oversight, but as a new debian user it took me a bit to figure out what I needed to do to make this work.
Hello,
Indeed, dollar signs are added before most commands on the website.
Sorry if it led to some confusion on your side.
That $ screwed me! Last time I used vi must have been 25 years ago! So I took your $ for cash… You should correct the web page since Linux newbies will certainly get it wrong.
You are right, that’s a good remark, the dollar sign won’t be used for future articles, it surely can be confusing.
The dollar sign in this case is just wrong. I see where you use it at the beginning of a command, to represent the prompt. That’s fine, but in this case the example text is not a command, but the contents of a file. The dollar has no business there and it isn’t just confusing. It incorrect information and should be corrected.
[…] you don’t have sudo rights, you can have a look at our tutorials on becoming sudo on Debian or CentOS […]
[…] If you don’t belong to the sudo group, you can check one of our tutorials in order to gain sudo privileges for Debian instances. […]
[…] this is not the case, you can read our guide on getting sudo privileges for Debian or CentOS […]
why not just type “sudo adduser john sudo”?
Go to single user mode change above parameter if we are not being able to change due to below issue.
Incident reported after type passwrd by executing command sudo -s or sudo root