How to Add a User to Sudoers in Ubuntu

Quick Reference

1Add User to the sudo Group (Easiest Way)

Anyone in the sudo group in Ubuntu can run commands as an administrator. To give a user these rights, add them to this group.

Step 1: Open the terminal.

Step 2: Run this command, replacing username with the actual user’s name:

sudo usermod -aG sudo username

Step 3: The user needs to log out and log back in for the change to take effect. Alternatively, they can start a new login shell:

su - username

Check the User’s Groups

To confirm the user is in the sudo group, run this command:

groups username

You should see the user’s name listed.

Test sudo Access

Switch to the user (if you’re not already) and run:

sudo whoami

If it asks for a password and then shows root, sudo is working!

2Give User Custom sudo Permissions (Using sudoers File)

Sometimes you want to control exactly what commands a user can run with sudo. That’s when you edit the /etc/sudoers file.

Important: Always edit this file using visudo. It checks for mistakes before saving to prevent breaking sudo access.

Open sudoers File Safely

In the terminal, run:

sudo visudo

This command opens the sudoers file in the default editor.

If you prefer the nano editor (which many users find more intuitive), run:

sudo EDITOR=nano visudo

Give Full sudo Access to a User

At the bottom of the file, add this line, replacing username with the actual user:

username ALL=(ALL:ALL) ALL

This means the user can run any command using sudo and will be asked for their password.

Allow User to Run sudo Without Password

If you want the user to run sudo commands without typing a password, use this:

username ALL=(ALL:ALL) NOPASSWD:ALL

Allow User to Run Only Specific Commands

To let a user use sudo for only certain commands, list the full paths. For example, to allow mkdir and rmdir without a password:

username ALL=(ALL:ALL) NOPASSWD: /bin/mkdir, /bin/rmdir

Or, to require a password for specific commands like apt and systemctl:

username ALL=(ALL:ALL) /usr/bin/apt, /usr/bin/systemctl

Use the /etc/sudoers.d Folder for User Rules

Instead of modifying the main sudoers file, you can add a file specifically for the user inside /etc/sudoers.d. This helps keep things organized.

To create a file for a user, run:

sudo visudo -f /etc/sudoers.d/username

Then add your rules inside, for example:

username ALL=(ALL:ALL) NOPASSWD:ALL

Tip: The file name should not contain dots (.) or end with a tilde (~), or sudo will ignore it.

See What sudo Permissions a User Has

To check what commands a user can run with sudo, run this:

sudo -l -U username

This shows a list of allowed and forbidden commands for that user.

Summary

• Easy method: Add users to the sudo group to give full sudo access.
• Control access: Edit the sudoers file or add files in /etc/sudoers.d for custom permissions.
• Always use visudo: It prevents mistakes that could lock you out.
• Be careful with passwordless sudo: It can make your system less safe.
• Check sudo permissions regularly: Use sudo -l -U username to verify.

Following these steps will help you manage who can do what on your Ubuntu system safely.