How to Add Users to sudo group in Linux

2
1216

In this guide, we are going to learn how to add users to sudo group in Linux. More often than not, you want, as a non-root user, to run commands with elevated privileges in Linux. So the only way this can happen is to give user sudo privileges by adding them to a sudo group or to sudoers file.

How to Add Users to sudo group in Linux

sudo group in Debian and its derivatives is called wheel group in CentOS and similar derivatives.

A user can be given sudo privileges by being added to the sudo/wheel group or by being added to the sudoers file, /etc/sudoers.

So what is the difference between sudo/wheel group and sudoers file?

The sudo/wheel group has the privileges it has based on what is defined on the sudoers file. In sudoers file, you will see the lines below;

In Debian derivatives;

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

In RHEL derivatives;

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

NOTE that a group is prefixed with %.

So based on the two lines above, sudoers security policy requires that users authenticate themselves before they can use sudo command.

However, a password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.

Add Users to sudo group in Linux

To add user to wheel or sudo group, you can use the usermod command in the following syntax;

usermod -aG sudo/wheel USERNAME

Where

  • a means add the user to the supplementary group that will be specified with -G option.
  • G specifies the supplementary groups to which the user is being added.
  • sudo/wheel specifies the group to add the user
  • USERNAM specifies the name of the user being added to the sudo group.

For example, On Debian and its derivatives, to add a user called john to sudo group;

usermod -aG sudo john

To confirm the groups of the user, use id command.

id john
uid=1002(john) gid=1002(john) groups=1002(john),27(sudo)

On RHEL and its derivatives like CentOS;

usermod -aG wheel john
id john
uid=1001(john) gid=1001(john) groups=1001(john), 10(wheel)

Adding users to sudoers file in Linux

Well, you can explicitly give users sudo privileges by adding them to the sudoers file. A user whose privileges are defined in the sudoers file doesn’t necessarily have to be added to the sudo or wheel group.

To edit the sudoers file, use the visudo command. This will open the sudoers file with your default editor, usually nano if the EDITOR variable has not been set.

To use vim as your editor, simply run;

export EDITOR=vim

Next, run visudo command. Note that you cannot edit the sudoers file as an ordinary user with no sudo privileges.

visudo

Once you open the sudoers file, you can give a user sudoers rights as follows.

For example, to enable the user john to run commands with sudo privileges, simply add the line below on the sudoers file.

john ALL=(ALL:ALL) ALL 

This line allows user john to run all commands with sudo upon authentication.

If you need to allow specific group of users to run the commands with sudo, simply add the line below replacing the groupname with your group.

%groupname ALL=(ALL:ALL) ALL

To break down these lines in simple terms;

  • john or groupname: specifies the user or group being assigned the sudo privileges.
  • ALL (before =): Specify the host on which the user/group can have sudo privileges. This means that the user/group can use sudo on all hosts.
  • ALL:ALL (within the brackets): The ALL before the colon specifies the user running the command while the ALL after the colon specifies the group of the user running the command.
  • ALL (the last section): Specifies the command that the user can run. In this case, it means any command.

Once the user is given sudo rights, they can now execute privileged commands that are allowed to execute by prefixing them with sudo.

In this guide, you have learnt how to add users to sudo group in Linux. In our next tutorial, we will learn how to allow a user to run only specific commands with sudo command.

Other Tutorials

Using Find Command to Search for Files and Directories in Linux

Connect to WiFi in Linux Using NMCLI command

Extract Log Lines of Specific Dates from a Log File

How to Install and Use 7zip File Archiver on Ubuntu 18.04

2 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here