Debian

How to Add User to sudoers in Debian 10

The sudo command allows users to run administrative commands in the Linux system, such as installing, removing, and updating packages, and editing configuration files, among other tasks. Using sudo privileges before any root command enables you to do the same thing you would as a root user. Also, it is a safe way to assign root privileges to any user. Instead of providing users with the root password, you can grant them sudo privileges and they can authenticate using their own password.

Note: Assigning sudo privileges to users is equivalent to giving them root privileges. So, make sure that you are assigning the sudo privileges to the right user.

You can assign sudo privileges to any user through the following two methods:

  • Add user to sudoers file
  • Add user to sudo group

This article will discuss both methods for assigning sudo privileges. The commands discussed in this article will be run on the Debian 10 Buster system.

Method 1: Add User to sudoers File

This method for assigning sudo privileges is preferred, as it allows you to assign restrictive privileges to users for only those commands that are absolutely required to perform a task. You can do this using the /etc/sudoers file, which allows you to easily control user privileges. All you need to do is to simply edit the /etc/sudoers file and add the user to whom you want to assign sudo privileges. However, be sure to always edit the /etc/sudoers file using the visudo command, as it provides the safest way of editing this file. The visudo command creates a temporary copy of the /etc/sudoers file, where you can add sudo-related tasks. After that, the file is checked and validated for syntax. This way, it helps to prevent any configuration errors that could otherwise lock you out of the root account.

Edit the /etc/sudoersfile as follows:

$ sudo visudo

To add a user to the sudoers file and assign it all permissions, add the following entry at the bottom of the file, replacing username with the actual username.

username ALL=(ALL) ALL

Example:

To assign a user named “tin” all root privileges, we will add the following entry in the sudoers file:

tin ALL=(ALL) ALL

To assign permissions only to specific commands, add the following entries in the /etc/sudoers file:

  • Command alias
  • Entry for the user

For example, to assign a user access only to the reboot command, add the following entry in the Cmnd Alias specification section of the /etc/sudoers file:

Cmnd_Alias REBOOT = /usr/sbin/reboot

You will also need to add the entry for the user at the bottom of the file:tin ALL=(ALL) NOPASSWD: REBOOT

Once you are done, save and exit the file.

Test sudo Access

Switch to the user account to which you have assigned sudo privileges and enter the following command, replacing the username with the actual username:

$ su - username

When prompted for the password, provide the user account password. After that, the specified user can run the reboot command with root privileges:

$ sudo reboot

Method 2: usermod Command

Another method to add a user to sudoers is by using the “usermod” command. Use this method if you want to assign a user all administrative privileges.

In this method, we will add a user to the sudo group using the usermod command. The members of the sudo group are allowed to run any command with root privileges.

Use the following command to add a user to the sudo group by replacing the username with the actual username.

$ sudo usermod -a -G sudo username

Example:

$ sudo usermod -a -G sudo tin

To verify if the user has been added to the sudo group, enter the following command, replacing the username with the actual username:

$ groups usernmae

Test sudo Access

Switch to the user account to which you have assigned sudo privileges and enter the following command, replacing the username with the actual username:

$ su - username

When prompted for the password, provide the user account password. Then, type in sudo, followed by any command that you want to run with root privileges:

$ sudo apt update

The system will prompt for the sudo password. Type in the user account password, and you will be granted sudo privileges.

This article showed you how to add a user to sudoers in the Debian 10 Buster system using two simple methods. Adding a user to sudoers allows them to perform administrative tasks with root privileges. However, make sure that you are assigning sudo privileges to the right user; otherwise, it may cause a security risk.

About the author

Karim Buzdar

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn.