I am trying to give sudo access to one of my users. What should I type in my terminal?
Asked
Active
Viewed 2.3e+01k times
59
-
15This question is obviously helping a lot of people and you should consider re-opening it. – Adam Boostani Sep 17 '14 at 00:35
-
If you like to reopen the question you should provide additional details that qualify it as a valid according the rules in the help center. – Roman C Jun 14 '16 at 11:07
-
3This question should be moved to the correct site rather then closed. – Matthew Nov 12 '16 at 20:11
3 Answers
69
You need run visudo and in the editor that it opens write:
igor ALL=(ALL) ALL
That line grants all permissions to user igor.
If you want permit to run only some commands, you need to list them in the line:
igor ALL=(ALL) /bin/kill, /bin/ps
Igor Chubin
- 61,765
- 13
- 122
- 144
-
What would be the reason if one carried out the above, but the user (in this case `igor`) still did not have full sudo access (ie. can issue `sudo ls` but not `sudo mount -a`)? – puk Oct 02 '13 at 04:18
-
@puk it depends on the commands that you listed in /etc/sudoers; when you wrote `ALL`, user can run all commands – Igor Chubin Oct 02 '13 at 09:59
58
This answer will do what you need, although usually you don't add specific usernames to sudoers. Instead, you have a group of sudoers and just add your user to that group when needed. This way you don't need to use visudo more than once when giving sudo permission to users.
If you're on Ubuntu, the group is most probably already set up and called admin:
$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
...
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
On other distributions, like Arch and some others, it's usually called wheel and you may need to set it up: Arch Wiki
To give users in the wheel group full root privileges when they precede a command with "sudo", uncomment the following line: %wheel ALL=(ALL) ALL
Also note that on most systems visudo will read the EDITOR environment variable or default to using vi. So you can try to do EDITOR=vim visudo to use vim as the editor.
To add a user to the group you should run (as root):
# usermod -a -G groupname username
where groupname is your group (say, admin or wheel) and username is the username (say, john).
Community
- 1
- 1
Lev Levitsky
- 63,701
- 20
- 147
- 175
-3
Edit /etc/sudoers file either manually or using the visudo application.
Remember: System reads /etc/sudoers file from top to the bottom, so you could overwrite a particular setting by putting the next one below.
So to be on the safe side - define your access setting at the bottom.
-
7If you edit it manually, you can damage it and corrupt your sudo access. No reason not to use `visudo`. – ripper234 Sep 12 '13 at 09:16
-
-
@ripper234 there are multiple reasons, when writing IAC you are not able to run a cli utility to configure just one server... you are forced to do it manually... – YosSaL Dec 06 '22 at 14:00