Note: Assigning sudo privileges to users is equivalent to giving them root privileges. So, make sure that you are assigning the sudo privileges to the right user.
You can assign sudo privileges to any user through the following two methods:
- Add user to sudoers file
- Add user to sudo group
This article will discuss both methods for assigning sudo privileges. The commands discussed in this article will be run on the Debian 10 Buster system.
Method 1: Add User to sudoers File
This method for assigning sudo privileges is preferred, as it allows you to assign restrictive privileges to users for only those commands that are absolutely required to perform a task. You can do this using the /etc/sudoers
file, which allows you to easily control user privileges. All you need to do is to simply edit the /etc/sudoers
file and add the user to whom you want to assign sudo privileges. However, be sure to always edit the /etc/sudoers
file using the visudo command, as it provides the safest way of editing this file. The visudo command creates a temporary copy of the /etc/sudoers
file, where you can add sudo-related tasks. After that, the file is checked and validated for syntax. This way, it helps to prevent any configuration errors that could otherwise lock you out of the root account.
Edit the /etc/sudoers
file as follows:
To add a user to the sudoers file and assign it all permissions, add the following entry at the bottom of the file, replacing username with the actual username.
Example:
To assign a user named “tin” all root privileges, we will add the following entry in the sudoers file:
To assign permissions only to specific commands, add the following entries in the /etc/sudoers
file:
- Command alias
- Entry for the user
For example, to assign a user access only to the reboot command, add the following entry in the Cmnd Alias specification section of the /etc/sudoers
file:
You will also need to add the entry for the user at the bottom of the file:tin ALL=(ALL) NOPASSWD: REBOOT
Once you are done, save and exit the file.
Test sudo Access
Switch to the user account to which you have assigned sudo privileges and enter the following command, replacing the username with the actual username:
When prompted for the password, provide the user account password. After that, the specified user can run the reboot command with root privileges:
Method 2: usermod Command
Another method to add a user to sudoers is by using the “usermod” command. Use this method if you want to assign a user all administrative privileges.
In this method, we will add a user to the sudo group using the usermod command. The members of the sudo group are allowed to run any command with root privileges.
Use the following command to add a user to the sudo group by replacing the username with the actual username.
Example:
To verify if the user has been added to the sudo group, enter the following command, replacing the username
with the actual username:
Test sudo Access
Switch to the user account to which you have assigned sudo privileges and enter the following command, replacing the username
with the actual username:
When prompted for the password, provide the user account password. Then, type in sudo
, followed by any command that you want to run with root privileges:
The system will prompt for the sudo password. Type in the user account password, and you will be granted sudo privileges.
This article showed you how to add a user to sudoers in the Debian 10 Buster system using two simple methods. Adding a user to sudoers allows them to perform administrative tasks with root privileges. However, make sure that you are assigning sudo privileges to the right user; otherwise, it may cause a security risk.