Linux Security System Administration

Managing sudo privileges on Linux

sudo is a command which grants superuser privileges to non root users. Using sudo is a practice for safety purposes, by using sudo we can use our device as a regular user avoiding dangerous behavior while being root while allowing to call superuser privileges if necessary. In other words we can start our regular user X session and use sudo only when we need privileges, of course, by default sudo requests the root password, but in this tutorial we’ll disable this.

In this tutorial you’ll find how to grant and remove sudo privileges, how to remove the password request when executing root commands and how to grant sudo privileges to all users belonging to a specific group. For this tutorial we will use Debian and Ubuntu based systems.

Adding a user to the sudo grou

To manage sudo privileges for users we’ll use the command usermod.

To grant sudo privileges to a user type:

usermod -a -G sudo USERNAME

Where:

Usermod: calls the program

-a: to add to a group

-G: to specify the group

USERNAME/ linuxhint: Replace for the correct username.

Another way is to edit the /etc/sudoers file by running the following command:

nano /etc/sudoers

Add the following line replacing “USERNAME” with your user.

USERNAME   ALL=(ALL)   ALL //gives user "username" sudo access

To remove a user from sudoers on Debian based distributions run the following command:

deluser USERNAME sudo

Disable password request when executing sudo

By default sudo will prevent the execution of privileged commands reserved to root by requesting a password as shown in the image below.

We can prevent sudo from asking authentication by editing the /etc/sudoers file

Run nano /etc/sudoers

Add the line below replacing username with your the correct username.

username ALL = NOPASSWD : ALL

In order to grant sudo privileges to a whole group giving sudo privileges to all users belonging to the group, edit the sudoers file by running nano /etc/sudoers and add the line shown below

%groupname    ALL=(ALL)       ALL

Press CTRL+X and Y to conform to save and exit.

Conclusion

As said in the beginning of the tutorial getting used to sudo is a good practice to keep our device safe and prevent dangerous mistakes, adding a regular user or a whole group to the sudo group is simple as one command.

I hope you liked this tutorial, keep following LinuxHint for more tutorials and tips on Linux administration.

About the author

Ivan Vanney

Ivan Vanney

Ivan Vanney has over a decade working as sysadmin. He is s contributor on LinuxHint.com, and the founder of linuxer.info