How to Add Users to sudo group in Linux

|
Last Updated:
|
|

In this guide, we are going to learn how to add users to sudo group in Linux. More often than not, you want, as a non-root user, to run commands with elevated privileges in Linux. So the only way this can happen is to give user sudo privileges by adding them to a sudo group or to sudoers file.

Adding Users to sudo group in Linux

sudo group in Debian and its derivatives is called wheel group in CentOS and similar derivatives.

A user can be given sudo privileges by being added to the sudo/wheel group or by being added to the sudoers file, /etc/sudoers.

So what is the difference between sudo/wheel group and sudoers file?

The sudo/wheel group has the privileges it has based on what is defined on the sudoers file. In sudoers file, you will see the lines below;

In Debian derivatives;

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

In RHEL derivatives;

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

NOTE that a group is prefixed with %.

So based on the two lines above, sudoers security policy requires that users authenticate themselves before they can use sudo command.

However, a password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.

Add Users to sudo group in Linux

To add user to wheel or sudo group, you can use the usermod command in the following syntax;

usermod -aG sudo/wheel USERNAME

Where

  • a means add the user to the supplementary group that will be specified with -G option.
  • G specifies the supplementary groups to which the user is being added.
  • sudo/wheel specifies the group to add the user
  • USERNAM specifies the name of the user being added to the sudo group.

For example, On Debian and its derivatives, to add a user called john to sudo group;

usermod -aG sudo john

To confirm the groups of the user, use id command.

id john
uid=1002(john) gid=1002(john) groups=1002(john),27(sudo)

On RHEL and its derivatives like CentOS;

usermod -aG wheel john
id john
uid=1001(john) gid=1001(john) groups=1001(john), 10(wheel)

Adding users to sudoers file in Linux

Well, you can explicitly give users sudo privileges by adding them to the sudoers file. A user whose privileges are defined in the sudoers file doesn’t necessarily have to be added to the sudo or wheel group.

To edit the sudoers file, use the visudo command. This will open the sudoers file with your default editor, usually nano if the EDITOR variable has not been set.

To use vim as your editor, simply run;

export EDITOR=vim

Next, run visudo command. Note that you cannot edit the sudoers file as an ordinary user with no sudo privileges.

visudo

Once you open the sudoers file, you can give a user sudoers rights as follows.

For example, to enable the user john to run commands with sudo privileges, simply add the line below on the sudoers file.

john ALL=(ALL:ALL) ALL 

This line allows user john to run all commands with sudo upon authentication.

If you need to allow specific group of users to run the commands with sudo, simply add the line below replacing the groupname with your group.

%groupname ALL=(ALL:ALL) ALL

To break down these lines in simple terms;

  • john or groupname: specifies the user or group being assigned the sudo privileges.
  • ALL (before =): Specify the host on which the user/group can have sudo privileges. This means that the user/group can use sudo on all hosts.
  • ALL:ALL (within the brackets): The ALL before the colon specifies the user running the command while the ALL after the colon specifies the group of the user running the command.
  • ALL (the last section): Specifies the command that the user can run. In this case, it means any command.

Once the user is given sudo rights, they can now execute privileged commands that are allowed to execute by prefixing them with sudo.

Other Tutorials

Using Find Command to Search for Files and Directories in Linux

Connect to WiFi in Linux Using NMCLI command

Extract Log Lines of Specific Dates from a Log File

How to Install and Use 7zip File Archiver on Ubuntu 18.04

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “How to Add Users to sudo group in Linux”

Leave a Comment