wikiCreation of Sudo User in Debian Linux
When installing Debian GNU/Linux and all distributions based on it, you will be prompted to enter a root password for security reasons. If you select a password at this point, all other users will be created without sudo privileges. This article describes how to grant these privileges to users.
General situation
When installing the Debian operating system, you are given the option of assigning a root password. If multiple users are using the system, it is advisable to assign such a password to protect the system from malicious input. This is because root privileges allow critical system settings to be changed (e.g., which data carriers are available in the system, package management, and manipulation of system-critical files).
If a root password is created, all users are created with restricted rights.
sudo
If you want to perform actions with a user account that are normally only available to the root user, you can precede the command with sudo.
The command sudo stands for super user do and depending on assigned rights (s.u.), additional actions are possible.
sudoers file
If you try to use the command sudo after the first login, you receive the following message:
<user> is not in the sudoers file. This incident is reported.
So that the corresponding user can perform the command, he needs to be added in the sudoers file and the corresponding rights must be assigned to him.
Assignment of sudo rights to a user
In general, there are two ways on how to assign sudo rights to a user:
Add user to sudo group
If there is no user yet registered in the sudo group, this step must be performed as root. The easiest way is the change on root with the following command:
nutzer@linux:~$ su
After entering the root password, a new user can be added to the group:
root@linux:~$ usermod -aG sudo username
If you are already a user with sudo privileges, a change to root is not necessary. The following command is enough for this:
user@linux:~$ sudo usermod -aG sudo username
Explanation
The command usermod changes the user profile.
The option -aG states that the user should be appended to the following group.
Then, the group and the user name are specified at the end.
Adaption of the sudoers file
The sudoers file can only be modified with root rights or sudo privileges:
user@linux:~$ sudo visudo
This command opens the /etc/sudoers file. The following line is now added to the user privileges:
username ALL=(ALL:ALL) ALL
Explanation
The entry is described briefly here. For further information on the individual parts, consult: Sudoers Manual.
username: States the user and for whom the following definitions are validALL=: The firstALLstates for which host the rights should be assigned. Alternatively, the host can be specified here.(ALL:ALL): These entries refer to user:group for which entries are defined.ALL: The lastALLrefers to the commands. It is therefore possible to assign sudo rights to a user only for certain commands.
Hint
If you add another user during editing of the sudoers file, the rights of him are not collected in this file /etc/group!
More information
Information on sudoers file (medium.com, 2020)
 |
Author: Stefan Bohn Stefan Bohn has been employed at Thomas-Krenn.AG since 2020. Originally based in PreSales as a consultant for IT solutions, he moved to Product Management in 2022. There he dedicates himself to knowledge transfer and also drives the Thomas-Krenn Wiki.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
