How can I add a new user as sudoer using the command line?

  • After I add a user using adduser, I can't see it via System > Administration > Users and Groups unless I log out and then log in again. Is that normal?

    Also, can I set a newly added user as a sudoer or do I have to change that only after adding it? How can I do that via the shell?

    Finally, can I delete the original user that was created upon initial installation of Ubuntu, or is this user somehow 'special'?

  • ændrük

    ændrük Correct answer

    10 years ago

    Just add the user to the sudo group:

    sudo adduser <username> sudo
    

    The change will take effect the next time the user logs in.

    This works because /etc/sudoers is pre-configured to grant permissions to all members of this group (You should not have to make any changes to this):

    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    

    As long as you have access to a user that is in the same groups as your "original" user, you can delete the old one.


    Realistically, there are also other groups your new user should be a member of. If you set the Account type of a user to Administrator in Users Settings, it will be placed in at least all of these groups:

    adm sudo lpadmin sambashare
    

    Because your system configuration may vary, I suggest taking a look at the output of groups <username> to see what groups are normally in use.

    Thanks, but if I add my user to `admin` I can later add myself to any other groups as well, right?

    Anybody who has root privileges can add himself to any group. If you give someone full sudo privileges, that is what you get, does not matter if as user or as member of admin. If you want to give less privileges, you need to specify this in the sudoer file

    @Dziamid I'm not sure what the `sudo` group is for. Let's find out.

    Please note that the `admin` group doesn't exist in 12.04 LTS.

    There exists admin group in Ubuntu 12.04.02 LTS. And adding the user in that adm group in file /etc/group will help.

    The question is about an existing user, but if it was for a new user *"sudo adduser sudo"* would have to be preceded by *"sudo adduser "*. Otherwise one get the error message "The user does not exist".

    this didn't work for me. still can't use sudo.

    if you can't run sudo because of sudoer, you should boot under recovery mode and run this command.

    Had to log in again for it to work.

    Is username a new user you're creating or an existing user that is somewhere that exists already?

    FYI doesn't work out of the box on centos 6

    On ubuntu 16 I had to do `sudo adduser myuser && sudo adduser myuser root`

    @Kris, perhaps you mean `sudo adduser myuser && sudo adduser myuser sudo`

    @H2ONaCl I believe you are correct, as looking at my local machine (Ubuntu 16), I have a sudo, but not root group, which makes sense.

    Um... important note: if *you* are the user you want to add to sudo, you need to *first* perform su to get into sudo mode (using the root password). Then you can issue sudo adduser command.

  • I did

    sudo usermod -a -G sudo <username>
    

    as recommended here.

    group sudo does not exist

    The only working solution here. Ubuntu 16

    For an existing user, this is the correct solution. It should be marked as the answer.

    Do not forget `-a` flag or you will remove user from all groups except `sudo`

    @RousseauAlexandre absolutely! most important, especially if you are trying to add yourself to a non-sudo group and you're the only one on the machine with sudo privileges... `without -a you just removed yourself from the sudo group!`

    This isn't the answer, the answer is to add the line ALL=(ALL) ALL to sudoers file via the visudo command.

  • Open the sudoers file: sudo visudo will open the /etc/sudoers file in the editor defined in $EDITOR (probably GNU nano - set the variable if it's not what you want, eg export EDITOR="nano" and try sudo visudo again).

    Add the below line to the end of the file.

    username ALL=(ALL) ALL   # Change the user name before you issue the commands
    

    Then perform WriteOut with Ctrl + O. The editor will ask you for the file name to write into. The default will be a temporary file that's used by visudo to check for syntax errors before saving to the actual sudoers file. Press Enter to accept it. Quit the nano editor with Ctrl + X.

    Done!

    It would be inadvisable to explicitly add a single user to the sudoers file instead of simply adding that user to the appropriate group `sudo`.

    with sudo visudo you can output to /etc/sudoers.tmp, when leaving the editor it will overwrite /etc/sudoers by itself

    and visudo will verify the syntax to make sure there are no errors

    syntax error if using this .

    The other solutions work great for OSs with a built in `sudo` group, but for the occasional system without a dedicated `sudo` group, this solution works. The only recommendation I have is you may want to avoid putting `sudo` itself inside the procedure, as it may not be setup yet! Easy to workaround by doing `su -` and then simply `visudio`. This works on Gentoo.

  • One thing I have to add that I'm sure a lot of people don't understand:

    Once you have already done a adduser "username", you can still come back and do a adduser "username" sudo, and it will then add that user to the group properly.

    It actually won't work the first time around like sudo adduser username sudo. It will give you an error. Which in summary means you must first make the user account before you can add them to a group.

  • All members of the group admin, are in Ubuntu by default allowed to use sudo, so the easiest way is to add the user account to the admin group.

    If you do not want to give the user account full root access, you need to edit the /etc/sudoer file with visudo (it makes sure that you do not have any syntax errors in the file and lose sudo capability altogether) in a way that you specify what commands this user (or a new group) can execute as root.

    The sudoer manual will give you more information about this. You can specify which commands are permitted by a particular user/group to be executed as root.

    I thought that was what the `wheel` group was for?

    @Marco I'm not familiar with that. Can you explain a little more?

    @MarcoCeppi, the wheel group was used on some systems to restrict what users could use `su`. Ubuntu uses `sudo` and the admin group.

  • on CentOS, I do as root

    echo ' username ALL=(ALL)   ALL' >> /etc/sudoers
    
  • The following snippet grants root access to username without explicitly logging in as root.

    Make sure that the user is added to sudo group first. Tested on Ubuntu 16.04.1 LTS.

    sudo adduser username sudo
    sudo sh -c "echo 'username ALL=NOPASSWD: ALL' >> /etc/sudoers"
    

    does this work on Ubuntu ?

    Yes checked on Ubuntu 16.04

    why not in one line: ```useradd -m username --groups sudo```

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM