In this guide, we are going to learn how to add users to sudo group in Linux. More often than not, you want, as a non-root user, to run commands with elevated privileges in Linux. So the only way this can happen is to give user sudo privileges by adding them to a sudo group or to sudoers file.
Adding Users to sudo group in Linux
sudo group in Debian and its derivatives is called wheel group in CentOS and similar derivatives.
A user can be given sudo privileges by being added to the sudo/wheel group or by being added to the sudoers file, /etc/sudoers.
So what is the difference between sudo/wheel group and sudoers file?
The sudo/wheel group has the privileges it has based on what is defined on the sudoers file. In sudoers file, you will see the lines below;
In Debian derivatives;
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALLIn RHEL derivatives;
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALLNOTE that a group is prefixed with %.
So based on the two lines above, sudoers security policy requires that users authenticate themselves before they can use sudo command.
However, a password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.
Add Users to sudo group in Linux
To add user to wheel or sudo group, you can use the usermod command in the following syntax;
usermod -aG sudo/wheel USERNAMEWhere
ameans add the user to the supplementary group that will be specified with-Goption.Gspecifies the supplementary groups to which the user is being added.sudo/wheelspecifies the group to add the userUSERNAMspecifies the name of the user being added to the sudo group.
For example, On Debian and its derivatives, to add a user called john to sudo group;
usermod -aG sudo johnTo confirm the groups of the user, use id command.
id john
uid=1002(john) gid=1002(john) groups=1002(john),27(sudo)On RHEL and its derivatives like CentOS;
usermod -aG wheel johnid john
uid=1001(john) gid=1001(john) groups=1001(john), 10(wheel)Adding users to sudoers file in Linux
Well, you can explicitly give users sudo privileges by adding them to the sudoers file. A user whose privileges are defined in the sudoers file doesn’t necessarily have to be added to the sudo or wheel group.
To edit the sudoers file, use the visudo command. This will open the sudoers file with your default editor, usually nano if the EDITOR variable has not been set.
To use vim as your editor, simply run;
export EDITOR=vimNext, run visudo command. Note that you cannot edit the sudoers file as an ordinary user with no sudo privileges.
visudoOnce you open the sudoers file, you can give a user sudoers rights as follows.
For example, to enable the user john to run commands with sudo privileges, simply add the line below on the sudoers file.
john ALL=(ALL:ALL) ALL This line allows user john to run all commands with sudo upon authentication.
If you need to allow specific group of users to run the commands with sudo, simply add the line below replacing the groupname with your group.
%groupname ALL=(ALL:ALL) ALLTo break down these lines in simple terms;
johnorgroupname: specifies the user or group being assigned the sudo privileges.ALL(before =): Specify the host on which the user/group can have sudo privileges. This means that the user/group can use sudo on all hosts.ALL:ALL(within the brackets): TheALLbefore the colon specifies the user running the command while theALLafter the colon specifies the group of the user running the command.ALL(the last section): Specifies the command that the user can run. In this case, it means any command.
Once the user is given sudo rights, they can now execute privileged commands that are allowed to execute by prefixing them with sudo.
Other Tutorials
Using Find Command to Search for Files and Directories in Linux
Connect to WiFi in Linux Using NMCLI command
Simple and great guidance.
Thanks
Rapt
Hi,
Very useful guideline
Thanks a lot