Creating a Sudo-Enabled User
By default, the root user is set up during the installation of Linux. This user has all rights to administer the operating system. The other users initially do not have administrator privileges. The sudo command allows authorized users to run programs in the terminal with root privileges. This article explains how to create a sudo-enabled user.
Creating Users
CentOS 7 and CentOS 8
Log in as the root user on the desired server.
To create a new user, enter the following command:
[root@localhost ~]# adduser USERNAME
Example:
[root@localhost ~]# adduser johnsmithTo set the password of the new user, enter the following command:
[root@localhost ~]# passwd USERNAME
Example:
[root@localhost ~]# passwd johnsmithEnter the desired password and repeat it.
Ubuntu 18.04, Ubuntu 20.04, Debian 9 and Debian 10
Log in as the root user on the desired server.
To create a new user, enter the following command:
[root@localhost ~]# adduser USERNAME
Example:
[root@localhost ~]# adduser johnsmithEnter the desired password and repeat it.
Optional: Enter additional user information. To skip entering this information, press the Enter key.
Changing the user information for johnsmith
Enter the new value, or press ENTER for the default
Full Name [ ]:
Room Number [ ]:
Work Phone [ ]:
Home Phone [ ]:
Other [ ]:
Is the information correct? Y/n]Type Y and press the Enter key.
Suse Linux
Log in as root user on the desired server.
To create a new user, enter the following command:
localhost: ~ # useradd USERNAME
Example:
localhost: ~ # useradd johnsmithTo set the password of the new user, enter the following command:
localhost: ~ # passwd USERNAME
Example:
localhost: ~ # passwd johnsmithEnter the desired password and repeat it.
Test Sudo and Install (If Necessary)
Test to see if sudo is installed. To do this, enter the following command:
sudo ls -la /root
If you see the message bash: sudo: command not found, sudo is not installed.If sudo is already installed, you can skip this step. To install sudo, enter the following command:
CentOS 7 and 8
yum install sudo -y
Debian and Ubuntu
apt install sudo
Suse Linux
zypper in sudo
Assigning Sudo Rights to a User
CentOS 7 and 8
To assign sudo privileges to a user in CentOS 7 and 8, you must add the user to the wheel group. To add the user to this group, enter the following command:
[root@localhost ~]# usermod -aG wheel USERNAME
Example:
[root@localhost ~]# usermod -aG wheel johnsmith
To check if the change was successful, enter the following command:
localhost:~ # groups USERNAME
Example:
localhost:~ # groups johnsmith
Debian and Ubuntu
To assign sudo privileges to a user in Debian and Ubuntu, you must add the user to the sudo group. To add the user to this group, enter the following command:
[root@localhost ~]# usermod -aG sudo USERNAME
Example:
[root@localhost ~]# usermod -aG sudo johnsmith
To check if the change was successful, enter the following command:
localhost:~ # groups USERNAME
Example:
localhost:~ # groups johnsmith
Suse Linux
To assign sudo privileges to a user in Suse Linux, do the following:
Locate the system-group-wheel and system-user-mail packages. Enter the following command:
localhost:~ # zypper se wheel mailTo install the packages, enter the following commands:
localhost:~ # sudo zypper install system-group-wheel
localhost:~ # sudo zypper install system-user-mailOpen the file /etc/sudoers with the editor vim. Enter the following command:
localhost:~ # visudoMake sure that the commenting has been removed in the following lines. You may need to remove the # character at the beginning of the line:
#Defaults targetpw # ask for the password of the target user i.e. root
and
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
Note
The vim editor has an insert mode and a command mode. You can enter the insert mode by pressing the i key. In this mode, the entered characters are immediately inserted into the text. To enter the command mode, press the ESC key afterwards. When you use command mode, your keyboard input is interpreted as a command.
Caution.
If you only uncomment the line "Defaults targetpw" and leave the line ALL ALL=(ALL) ALL # WARNING! commented, all users will have access to the root level of the utilities by entering their own password.
Look for the User privilege specification entry.
To grant all members of the wheel group the privileges to execute all commands, you must remove the # character at the beginning of the line in the following line to uncomment it:
# %wheel ALL=(ALL) ALLTo save the changes, press the escape key and then type the following command:
:wqTo assign sudo privileges to a user, you must add the user to the wheel group. To add the user to this group, type the following command:
localhost:~ # usermod -a -G wheel USERNAME
Example:
localhost:~ # usermod -a -G wheel johnsmithTo check if the change was successful, enter the following command:
localhost:~ # groups USERNAME
Example:
localhost:~ # groups johnsmithCreate the /etc/sudoers.d/userpw file using vi. Enter the following command:
localhost:~ # vi /etc/sudoers.d/userpwAdd the following entry:
Defaults !targetpwTo save the changes, press the escape key and then type the following command:
:wq
Test Sudo-capable user
To test whether the sudo permissions work, do the following:
To change the user, enter the following command:
[root@localhost ~]# su USERNAME
Example:
[root@localhost ~]# su johnsmithList the contents of the /root directory. To do this, type the following command:
[maxmustermann@localhost root]$ sudo ls -la /rootThe first time you use sudo in a session, you will be prompted for the user's password.
Enter the user's password.