31

Is it possible to add users to the sudoers file through a shell script? I've been looking around, still can't find anything.

Mxyk
nickw444
  • Would it make more sense to add a single group entry to `/etc/sudoers`, and add users to that group rather than repeatedly updating the `sudoers` file? – Keith Thompson Jan 09 '12 at 08:43
  • possible duplicate of [How do I edit /etc/sudoers from a script?](http://stackoverflow.com/questions/323957/how-do-i-edit-etc-sudoers-from-a-script) – Amir Ali Akbari Feb 24 '15 at 10:21

10 Answers

56

You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:

sudo -i
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

(note the tab character between the username and the first ALL)

Or, for a script:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers

Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.

To add multiple users, change the script to this:

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

Then, run the script like this (assuming you saved it as addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

that is, space-separated.

To read the names from a file:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt should also be space-separated.

Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.

Community
wchargin
  • 8
    alternatively, use tee like so: `echo "$MY_USER ALL=(ALL:ALL) ALL" | sudo tee --append /etc/sudoers` – Programster May 20 '14 at 22:09
  • This worked to recover a machine with a dead OpenSSH server on GCP/GCE, using the serial console. Only catch is there had to be an account with password to begin with. – Ray Foss Mar 27 '19 at 14:48
  • Could we have a check mechanism for if the user is already added – alper Apr 27 '21 at 10:28
10

No, a straight echo won't work, you have to run it in a subshell. Try this instead:

sudo sh -c "echo \"group ALL=(user) NOPASSWD: ALL\" >> /etc/sudoers"

Apollo
6

There is also the sudo group, and you could add users to it (for common configurations of /etc/sudoers)

adduser [username] sudo

Community
Basile Starynkevitch
2

On RedHat-based distributions use:

su - root

and enter your password, then:

echo 'YOURUSERNAME ALL=(ALL:ALL) ALL' >> /etc/sudoers

to add the user to the sudoers file.

Mahdi Rashidi
  • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/2/html/Getting_Started_Guide/ch02s03.html – zeros-and-ones Jan 24 '17 at 07:10
1

In order to grant a user sudo permission in a shell script (Unix/Linux), use the usermod function:

sudo usermod -aG sudo <userName>

example:

sudo usermod -aG sudo johnDoe

For verification: use the groups function (which shows the group membership) and verify the sudo group is under the right user.

groups <userName>

example:

groups johnDoe
#!johnDoe: johnDoe sudo

Explanation from the Linux documentation:

The usermod command modifies the system account files to reflect the changes that are specified on the command line.

-a, --append

Add the user to the supplementary group(s). Use only with the -G option.

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.

Community
avivamg
0

Other answers such as spawning a subshell will work, but may not work if you want to use environmental vars. One alternative I found played really nicely for me:

echo "%<user>      ALL=(ALL) ALL" | sudo tee -a /etc/sudoers > /dev/null

This being said, hindsight is 20/20... If modifying sudoers via a script and not via visudo I would seriously recommend creating a backup with the right file permissions and contents first since you can lose access to any sudo rights without pkexec, physical access or a reboot etc.

sudo cp /etc/sudoers /etc/sudoers.bak
Luke Exton
0

Single line to create user with password and in sudo group.

useradd -p $(openssl passwd -1 PASSWORD) USERNAME -s /bin/bash -G sudo

0

In Debian and Ubuntu you can add users to the /etc/sudoers.d directory. The directory has a README file. Create a file called 99_sudo_include_file and drop it in the /etc/sudoers.d/ directory. It's easy to remove users or add users, just create a new file and overwrite the old file. You can simply echo your new file and overwrite the old file each time you want to change it.

echo '#== Visudo Users - All Permissions
#== ==============================
usersam      ALL=(ALL) ALL
userlam      ALL=(ALL) ALL
userfam      ALL=(ALL) ALL

#== Visudo Users - Certain Scripts
#== ==============================
userkam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
useroam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
userpam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh

#== Visudo Users - Certain Commands
#== ===============================
userpam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get
userwam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get' > /etc/sudoers.d/99_sudo_include_file

This way you don't touch your original /etc/sudoers file

Vituvo
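An added example, not part of any answer on this page: it combines the /etc/sudoers.d drop-in approach above with the "is the user already added" check asked for in the comments and the lock-out concern raised in the backup answer, by validating each file before it becomes active. The function name `grant_sudo`, the variables `SUDOERS_DIR` and `SUDOERS_CHECK`, and the `90-<user>` file naming are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example (not from the answers above). grant_sudo, SUDOERS_DIR and
# SUDOERS_CHECK are illustrative names; override the two variables to try
# the function against a scratch directory instead of the live system.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"   # syntax check only, edits nothing

grant_sudo() {
    local user="$1" rule target tmp
    # Accept only plain account names so an argument cannot carry extra
    # sudoers syntax (spaces, commas, NOPASSWD:, newlines, ...).
    case "$user" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "refusing invalid user name: $user" >&2; return 2 ;;
    esac
    rule="$user ALL=(ALL:ALL) ALL"
    target="$SUDOERS_DIR/90-$user"   # assumed naming scheme, one file per user

    # Idempotence: a second run finds the exact line and changes nothing.
    if [ -f "$target" ] && grep -qxF -- "$rule" "$target"; then
        return 0
    fi

    # Stage in the same directory; sudo skips drop-in names containing '.',
    # so the half-written temp file is never parsed.
    tmp="$(mktemp "$SUDOERS_DIR/.tmp-XXXXXX")" || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # Validate before activating: a rejected file is discarded, so a typo
    # cannot break sudo for everyone.
    if ! $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "syntax check failed, nothing installed for $user" >&2
        return 1
    fi
    mv -f "$tmp" "$target"           # atomic rename within one filesystem
}

# Usage: sudo ./addsudousers.sh bob joe jeff
for u in "$@"; do
    grant_sudo "$u" || exit 1
done
```

Removing a user's rights is then a matter of deleting that user's single file, and the main /etc/sudoers is never opened for writing.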
-1

Log in as root to your machine. The root user is the only one who has the privilege to add a new user.

Once you are logged in, you may now try the following commands:

  1. Create a new user.

    adduser [username]

  2. Add password to user

    passwd [username]

  3. Grant root privileges to the user. Edit the visudo file by simply typing

    enter code here

Find the following line of code: root ALL=(ALL) ALL

Then add this code below:

[username] ALL=(ALL) ALL

The original post can be found at this link: Centos 6 – Creating sudoers user

Jur P
-1

I want to continue on the topic of adding users to sudoers. I have already created a script, but the problem is that when I run the shell script twice, it adds the entries again.

Please see my script below:

for i in $(cat users); do
    useradd $i
    chsh $i /usr/bin/ksh93
    echo "user $i added successfully!"
    echo $i 'ALL=(ALL)    NOPASSWD: ALL' >> /HAapps/sudoers
    echo $i:$i"123" | chpasswd
    echo "Password for user $i changed successfully"
done

=============

This is the result:

ario1 ALL=(ALL)    NOPASSWD: ALL
ario2 ALL=(ALL)    NOPASSWD: ALL

How can I check or verify whether the user already exists, so that it doesn't need to be added again? Thank you, all masters. I need your advice.

Reborn