What is sudo? The sudo command lets trusted users run special commands with administrator (root) rights. This is helpful when you need to make system changes.
There are two easy ways to let a user run commands with sudo on Ubuntu:
- Add the user to the
sudogroup - Give them special permissions in the sudoers file
This guide will show you how to do both in simple steps.
Quick Reference
| Task | Command |
|---|---|
| Add user to sudo group | sudo usermod -aG sudo username |
| Check user groups | groups username |
| See user’s sudo permissions | sudo -l -U username |
| Edit sudoers file safely | sudo visudo |
| Create sudoers file for user | sudo visudo -f /etc/sudoers.d/username |
| Test sudo access | sudo whoami |
1. Add User to the sudo Group (Easiest Way)
Ubuntu lets anyone in the sudo group run commands as administrator. To give a user these rights, just add them to this group.
Step 1: Open the terminal.
Step 2: Run this command (replace username with the actual user’s name):
sudo usermod -aG sudo usernameStep 3: The user needs to log out and log back in for the change to work. Or they can start a new login shell:
su - usernameCheck the User’s Groups
To see if the user was added to the sudo group, run:
groups usernameYou should see sudo listed.
Test sudo Access
Switch to the user (if you’re not already) and run:
sudo whoamiIf it asks for a password and then shows root, sudo is working!
2. Give User Custom sudo Permissions (Using sudoers File)
Sometimes you want to control exactly what commands a user can run with sudo. That’s when you edit the /etc/sudoers file.
Important: Always edit this file using visudo. It checks for mistakes before saving to prevent breaking sudo access.
Open sudoers File Safely
In the terminal, run:
sudo visudoThis will open the sudoers file in the vi editor by default.
If you prefer the nano editor (which is easier for many users), run:
sudo EDITOR=nano visudoGive Full sudo Access to a User
At the bottom of the file, add this line (replace username with the actual user):
username ALL=(ALL:ALL) ALLThis means the user can run any command using sudo and will be asked for their password.
Allow User to Run sudo Without Password
If you want the user to run sudo commands without typing a password, use:
username ALL=(ALL:ALL) NOPASSWD:ALLAllow User to Run Only Specific Commands
To let a user use sudo for just certain commands, list the full paths. For example, to allow mkdir and rmdir without password:
username ALL=(ALL:ALL) NOPASSWD: /bin/mkdir, /bin/rmdirOr, to require a password for specific commands like apt and systemctl:
username ALL=(ALL:ALL) /usr/bin/apt, /usr/bin/systemctlUse the /etc/sudoers.d Folder for User Rules
Instead of changing the main sudoers file, you can add a file just for the user inside /etc/sudoers.d. This keeps things organized.
To create a file for a user, run:
sudo visudo -f /etc/sudoers.d/usernameThen add your rules inside, for example:
username ALL=(ALL:ALL) NOPASSWD:ALLTip: The file name should not contain dots (.) or end with a tilde (~), or sudo will ignore it.
See What sudo Permissions a User Has
To check what commands a user can run with sudo, run:
sudo -l -U usernameThis shows a list of allowed and forbidden commands for that user.
Summary
- Easy method: Add users to the
sudogroup to give full sudo access. - Control access: Edit the sudoers file or add files in
/etc/sudoers.dfor custom permissions. - Always use
visudo: It prevents mistakes that could lock you out. - Be careful with passwordless sudo: It can make your system less safe.
- Check sudo permissions regularly: Use
sudo -l -U usernameto verify.
Following these simple steps will help you manage who can do what on your Ubuntu system safely and easily.
Leave a Reply