If a sudo command on Linux returns a message that a user is “not in the sudoers file”, that user needs to be added to the “sudoers” list. We will see how to add a user to sudoers in Ubuntu and other Linux distributions, as well as how to edit the sudoers file.
Why do I need to be added to the sudoers file?
In Linux installations, the root user is the most privileged user. They can perform any administrative task, access any file regardless of its actual ownership, and can create, manipulate, and even delete other users.
This level of power is dangerous. If root makes a mistake, the results can be catastrophic. They have the ability to mount and unmount file systems, and completely overwrite them. A much safer way to work is to never log in as root.
Nominated users can use sudo to temporarily obtain administrative powers, perform the necessary action, and then return to their normal unprivileged state. This is safer because you consciously invoke your higher powers when you need them, and while you are focused on doing whatever requires them.
The sudo command is Linux’s equivalent of shouting “Shazam.” When the scary things end, you abandon your super-powered alter-ego and return to your normal monotonous self.
Logging in as root is disabled by default in most modern distributions, but it can be re-enabled. Using the root account for daily work is inadvisable. Errors that would normally affect a single user or would be blocked entirely due to insufficient privileges can run unhindered if performed by root.
Modern Linux distributions grant sudo privileges to the user account that is created during installation or post-installation configuration steps. If someone else tries to use sudo, they will see a warning message like this:
mary is not in the sudoers file. This incident will be reported.
That seems pretty clear. Our user mary cannot use sudo because she is not “in the sudoers file”. So let’s see how we can add her, turning her into a sudo user.
How to Open sudoers File
Before we can add a sudo user, we need to work with the sudoers file. This lists the users and user groups that can use sudo. If we need to make modifications to the file, we must edit it.
The sudoers file should be opened using the visudo command. This locks the sudoers file and prevents two people from trying to make changes at the same time. It also performs some sanity checks before saving your edits, making sure they parse correctly and are syntactically sound.
Note that visudo is not an editor itself; it launches one of your available editors. In Ubuntu 22.04, Fedora 37 and Manjaro 21, visudo launched nano. That may not be the case on your computer.
If we want to give someone access to full sudo privileges, we only need to reference some information in the sudoers file. If we want to be more granular and give our user some of the root capabilities, we need to edit the file and save the changes.
Either way, we need to use visudo.
Add a sudo user in Ubuntu and other Linux distributions
We have two users who need access to root privileges to carry out their job roles, so we will add them to sudoers. They are Tom and Mary. Mary needs access to everything that root can do. Tom only needs to install apps.
Let’s add Mary to the group of sudoers first. We can do this on Ubuntu and most other Linux distributions in the same way, starting with visudo.
sudo visudo
Scroll down in the editor until you see the “Specifying User Privileges” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.”
We are told that members of the sudo group can execute any command. All we need to know in Mary’s case is the name of that group. It’s not always sudo; it could be wheel or something else. Now that we know the name of the group, we can close the editor and add Mary to that group.
We are using the usermod command with the options -a (append) and -G (group name) to add users to sudoers. The -G option allows us to name the group we would like to add the user to, and the -a option tells usermod to add the new group to the list of existing groups this user is already in.
If you don’t use the -a option, the only group your user will be in is the newly added group. Double check and make sure you have included the -a option.
sudo usermod -aG sudo mary
The next time Mary logs in, she will have access to sudo. We have logged in as Mary and are trying to edit the file system table file, “/etc/fstab”. This is a file that is off-limits to everyone except root.
sudo nano /etc/fstab
The nano editor opens with the “/etc/fstab” file loaded.
Without sudo privileges, she could only open this as a read-only file. Mary no longer has those restrictions. She can save any changes she makes.
Close the editor and don’t save any changes you’ve made.
Limit sudo privileges by editing the sudoers file
Our other user, Tom, will be granted permission to install software, but will not receive all the privileges that were granted to Mary. We can make Tom a sudo user without giving him all the privileges.
We need to edit the sudoers file.
sudo visudo
Scroll down in the editor until you see the “Specifying User Privileges” section. Look for a comment that says something along the lines of “Allow members of this group to execute any command.” It’s the same point in the file where we found the name of the group we needed to add Mary to.
Add these lines below that section.
# user tom can install software
tom	ALL=(root) /usr/bin/apt
The first line is a simple comment. Note that there is a tab between the username “tom” and the word “ALL”.
This is what the elements of the line mean.
- tom: The name of the user’s default group. Usually, this is the same as the name of your user account.
- ALL=: This rule applies to all hosts on this network.
- (root): Members of the “tom” group, i.e. user Tom, can assume root privileges for the commands listed.
- /usr/bin/apt: This is the only command that user Tom can execute as root.
We have specified the apt package manager here because this computer uses Ubuntu Linux. You would have to replace this with the appropriate command if you are using a different distribution.
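To see how the elements of such a line break down, and to find the group whose members may run any command (the name Mary was added to), here is an added example that is not part of the original article. It reads sudoers-format text and classifies each rule by the sudoers syntax: a name with a % prefix is a group, a bare name is a user. The SAMPLE text and the function names audit_sudoers and full_access_groups are constructed for this example.

```sh
#!/bin/sh
# Added example: summarise the user specifications in sudoers-format text.
# SAMPLE is constructed for this example from the rules discussed above.
SAMPLE='# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL
root	ALL=(ALL:ALL) ALL
Defaults	env_reset
# user tom can install software
tom	ALL=(root) /usr/bin/apt'

# audit_sudoers: read sudoers text on stdin and print one line per rule:
#   kind(user|group) name host runas scope(FULL|LIMITED) commands
# Simplified: lines starting with # or @ (comments, includes, #uid forms),
# Defaults and alias definitions are skipped; line continuations are not joined.
audit_sudoers() {
    awk '
    /^[ \t]*[#@]/ || /^[ \t]*$/ { next }
    $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }
    {
        who = $1; kind = "user"            # a bare name is a user ...
        if (substr(who, 1, 1) == "%") {    # ... a % prefix marks a group
            kind = "group"; who = substr(who, 2)
        }
        rest = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        eq = index(rest, "="); if (eq == 0) next
        host = substr(rest, 1, eq - 1); gsub(/[ \t]/, "", host)
        spec = substr(rest, eq + 1)
        runas = "root"                     # default when no (runas) is given
        if (match(spec, /^[ \t]*\([^)]*\)/)) {
            runas = substr(spec, RSTART, RLENGTH); gsub(/[ \t()]/, "", runas)
            spec = substr(spec, RSTART + RLENGTH)
        }
        sub(/^[ \t]+/, "", spec); sub(/[ \t]+$/, "", spec)
        while (match(spec, /^[A-Z_]+:[ \t]*/))   # drop tags such as NOPASSWD:
            spec = substr(spec, RLENGTH + 1)
        scope = (spec == "ALL") ? "FULL" : "LIMITED"
        print kind, who, host, runas, scope, spec
    }'
}

# Groups whose members may run any command: the name to pass to usermod -aG.
full_access_groups() {
    audit_sudoers | awk '$1 == "group" && $5 == "FULL" { print $2 }'
}

printf '%s\n' "$SAMPLE" | audit_sudoers
```

On a real system the same functions can be fed the output of sudo cat /etc/sudoers; running sudo -l -U tom shows what sudo itself will allow that user.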
Let’s log in as Tom and see if we get the expected behavior. We will try to edit the “/etc/fstab” file.
sudo nano /etc/fstab
That command is rejected, and we are told that “user tom cannot execute ‘/usr/bin/nano /etc/fstab’ as root…”
That’s what we wanted. User Tom is only supposed to be able to use the apt package manager. Let’s make sure he can do that.
sudo apt install neofetch
The command runs successfully for Tom.
Whoever has this command
If all your users can use sudo, you will have chaos on your hands. But it is worth promoting other users to the list of sudoers so that they can share your administrative burden. Just make sure they are worthy and keep an eye on them.
Even if you are the only user on your computer, it is worth considering creating another user account and adding it as a sudo user. That way, if you ever find yourself locked out of your main account, you have another account you can log in with to try to remedy the situation.