How many times have you created a new user on a Linux machine, only to find out that new user doesn’t have sudo privileges? Without the ability to use sudo, that user is limited in what they can do. This, of course, is by design; you certainly don’t want every user on your system to have admin privileges. However, for those users you do want to enjoy admin rights, they must be able to use the sudo command.
How to give users sudo privileges
Most modern Linux distributions have a user group which grants sudo privileges simply by virtue of being a member of that group. While sudo configurations do allow for individual accounts to have sudo privileges, this is not encouraged because it leads to user management headaches, especially if a user ID is changed or if that user’s account is removed or deactivated.
SEE: Learn how to start, stop and restart services in Linux.
You can determine which group this is by looking at the
/etc/sudoers file. You can safely view the contents of this file using the command:
sudo less /etc/sudoers
In Federa and Red Hat, this group is usually the wheel group (Figure A):
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
In Ubuntu and Kali, this group is usually the sudo group, not to be confused with the sudo command (Figure B):
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
This means all members of the admin group have full sudo privileges. To add your user to the admin group, you would issue the command (as a user who already has full sudo privileges):
sudo usermod -a -G sudo USERNAME
Where USERNAME is the name of the user to be added. Once the user logs out and logs back in, they will now enjoy full sudo privileges. If you were using Fedora or a Red Hat-based distribution, you would use the wheel group instead:
sudo usermod -a -G wheel USERNAME
Note that the user will continue to have sudo privileges as long as that user has this group assignment. To revoke sudo privileges, you will need to remove that user from that group.
Use with caution
Obviously, you do not want to add every user to the sudoers file or to the admin group. Use this with caution; otherwise, you run the risk of jeopardizing system security. But with care, you can manage what your users can and cannot do with ease.
Do more with sudo privileges
In addition, you’ll want to make administration easier by combining multiple commands into a single bash prompt.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays