In this guide, we are going to learn how to add users to sudo group in Linux. More often than not, you want, as a non-root user, to run commands with elevated privileges in Linux. So the only way this can happen is to give user sudo privileges by adding them to a sudo group or to sudoers file.
How to Add Users to sudo group in Linux
sudo group in Debian and its derivatives is called
wheel group in CentOS and similar derivatives.
A user can be given sudo privileges by being added to the
wheel group or by being added to the
So what is the difference between sudo/wheel group and sudoers file?
The sudo/wheel group has the privileges it has based on what is defined on the sudoers file. In sudoers file, you will see the lines below;
In Debian derivatives;
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
In RHEL derivatives;
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
NOTE that a group is prefixed with
So based on the two lines above, sudoers security policy requires that users authenticate themselves before they can use sudo command.
However, a password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.
Add Users to sudo group in Linux
To add user to
sudo group, you can use the
usermod command in the following syntax;
usermod -aG sudo/wheel USERNAME
ameans add the user to the supplementary group that will be specified with
Gspecifies the supplementary groups to which the user is being added.
sudo/wheelspecifies the group to add the user
USERNAMspecifies the name of the user being added to the sudo group.
For example, On Debian and its derivatives, to add a user called john to sudo group;
usermod -aG sudo john
To confirm the groups of the user, use
id john uid=1002(john) gid=1002(john) groups=1002(john),27(sudo)
On RHEL and its derivatives like CentOS;
usermod -aG wheel john
id john uid=1001(john) gid=1001(john) groups=1001(john), 10(wheel)
Adding users to sudoers file in Linux
Well, you can explicitly give users sudo privileges by adding them to the sudoers file. A user whose privileges are defined in the sudoers file doesn’t necessarily have to be added to the sudo or wheel group.
To edit the sudoers file, use the
visudo command. This will open the sudoers file with your default editor, usually nano if the EDITOR variable has not been set.
To use vim as your editor, simply run;
Next, run visudo command. Note that you cannot edit the sudoers file as an ordinary user with no sudo privileges.
Once you open the sudoers file, you can give a user sudoers rights as follows.
For example, to enable the user
john to run commands with
sudo privileges, simply add the line below on the sudoers file.
john ALL=(ALL:ALL) ALL
This line allows user john to run all commands with sudo upon authentication.
If you need to allow specific group of users to run the commands with sudo, simply add the line below replacing the
groupname with your group.
%groupname ALL=(ALL:ALL) ALL
To break down these lines in simple terms;
groupname: specifies the user or group being assigned the sudo privileges.
ALL(before =): Specify the host on which the user/group can have sudo privileges. This means that the user/group can use sudo on all hosts.
ALL:ALL(within the brackets): The
ALLbefore the colon specifies the user running the command while the
ALLafter the colon specifies the group of the user running the command.
ALL(the last section): Specifies the command that the user can run. In this case, it means any command.
Once the user is given sudo rights, they can now execute privileged commands that are allowed to execute by prefixing them with sudo.
In this guide, you have learnt how to add users to sudo group in Linux. In our next tutorial, we will learn how to allow a user to run only specific commands with sudo command.