sudo is a command-line utility that allows trusted users to run commands as another user, by default root.
This tutorial shows two ways to grant sudo privileges to a user. The first one is to add the user to the sudoers file. This file contains a set of rules that determines which users or groups are granted with sudo privileges, as well as the level of the privileges. The second option is to add the user to the sudo group specified in the
sudoers file. By default, on Debian and its derivatives, members of the “sudo” group are granted with sudo access.
Adding User to the sudo Group
The quickest and easiest way to grant sudo privileges to a user is to add the user to the “sudo” group. Members of this group can execute any command as root via
sudo and prompted to authenticate themselves with their password when using
We’re assuming that the user you want to assign to the group already exists.
Run the command below as root or another sudo user to add the user to the sudo group
usermod -aG sudo username
Make sure you change “username” with the name of the user that you want to grant access to.
Granting sudo access using this method is sufficient for most use cases.
To ensure that the user has been added to the group, type:
You will be asked to enter the password. If the user has sudo access, the command will print “root”. Otherwise, you will get an error saying “user is not in the sudoers file”.
Adding User to the sudoers File
The users’ and groups’ sudo privileges are defined in the
/etc/sudoers file. This file allows you to grant customized access to the commands and set custom security policies.
You can configure the user access by editing the sudoers file or creating a new configuration file in the
/etc/sudoers.d directory. The files inside this directory are included in the sudoers file.
Always use the
visudo command to edit the
/etc/sudoers file. This command checks the file for syntax errors when you save it. If there are any errors, the file is not saved. If you edit the file with a regular text editor, a syntax error may result in losing the sudo access.
Let’s say you want to allow the user to run sudo commands without being asked for a password. To do that, open the
Scroll down to the end of the file and add the following line:
username ALL=(ALL) NOPASSWD:ALL
Save the file and quit the editor. Do not forget to change “username” with the username you want to grant access to.
username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
Instead of editing the sudoers file, you can achieve the same by creating a new file with the authorization rules in the
/etc/sudoers.d directory. Add the same rule as you would add to the sudoers file:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
This approach makes the management of the sudo privileges more maintainable. The name of the file not important, but it is a common practice to name the file according to the username.
To grant sudo access to a user in Debian, simply add the user to the “sudo” group.
If you have any questions, feel free to leave a comment.