How to Quickly Give Users sudo Privileges in Linux

9 months ago AndyC

If you have users that need certain admin privileges on your Linux machines, here’s a walk-through of the process for granting full or specific rights.

How to Quickly Give Users sudo Privileges in Linux

If you have users that need certain admin privileges on your Linux machines, here’s a walk-through of the process for granting full or specific rights.

How many times have you created a new user on a Linux machine, only to find out that new user doesn’t have sudo privileges? Without the ability to use sudo, that user is limited in what they can do. This, of course, is by design; you certainly don’t want every user on your system to have admin privileges. However, for those users you do want to enjoy admin rights, they must be able to use the sudo command.

Jump to:

How to give users sudo privileges

Most modern Linux distributions have a user group which grants sudo privileges simply by virtue of being a member of that group. While sudo configurations do allow for individual accounts to have sudo privileges, this is not encouraged because it leads to user management headaches, especially if a user ID is changed or if that user’s account is removed or deactivated.

SEE: Learn how to start, stop and restart services in Linux.

You can determine which group this is by looking at the /etc/sudoers file. You can safely view the contents of this file using the command:

sudo less /etc/sudoers

In Federa and Red Hat, this group is usually the wheel group (Figure A):

## Allows people in group wheel to run all commands
%wheel   ALL=(ALL)         ALL

Figure A

In Red Hat and Fedora, the wheel group provides admin privileges automatically.
In Red Hat and Fedora, the wheel group provides admin privileges automatically.

In Ubuntu and Kali, this group is usually the sudo group, not to be confused with the sudo command (Figure B):

# Allow members of group sudo to execute any command
%sudo    ALL=(ALL:ALL)  ALL

Figure B

Ubuntu and Kali provide admin privileges to the sudo group.
Ubuntu and Kali provide admin privileges to the sudo group.

This means all members of the admin group have full sudo privileges. To add your user to the admin group, you would issue the command (as a user who already has full sudo privileges):

sudo usermod -a -G sudo USERNAME

Where USERNAME is the name of the user to be added. Once the user logs out and logs back in, they will now enjoy full sudo privileges. If you were using Fedora or a Red Hat-based distribution, you would use the wheel group instead:

sudo usermod -a -G wheel USERNAME

Note that the user will continue to have sudo privileges as long as that user has this group assignment. To revoke sudo privileges, you will need to remove that user from that group.

Use with caution

Obviously, you do not want to add every user to the sudoers file or to the admin group. Use this with caution; otherwise, you run the risk of jeopardizing system security. But with care, you can manage what your users can and cannot do with ease.

Do more with sudo privileges

Using your newfound sudo privileges, you can add a new user to your Linux system, list system services and search for files from the command line.

In addition, you’ll want to make administration easier by combining multiple commands into a single bash prompt.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , ,

More Stories

20 Coolest Cybersecurity Products At RSAC 2024

20 Coolest Cybersecurity Products At RSAC 2024

3 hours ago AndyC
Proofpoint Sets New Industry Standard in Email Security with Adaptive Threat Protection Capabilities Across the Entire Email Delivery Chain

Proofpoint Sets New Industry Standard in Email Security with Adaptive Threat Protection Capabilities Across the Entire Email Delivery Chain

3 hours ago AndyC
Defenders assemble: Time to get in the game

Defenders assemble: Time to get in the game

3 hours ago AndyC
The Australian Government’s Manufacturing Objectives Rely on IT Capabilities

The Australian Government’s Manufacturing Objectives Rely on IT Capabilities

9 hours ago AndyC
Udemy Report: Which IT Skills Are Most in Demand in Q1 2024?

Udemy Report: Which IT Skills Are Most in Demand in Q1 2024?

9 hours ago AndyC
Can VPNs Be Tracked by the Police?

Can VPNs Be Tracked by the Police?

15 hours ago AndyC

You may have missed

Visibility and prioritisation are the key to effective network and infrastructure security

Visibility and prioritisation are the key to effective network and infrastructure security

3 hours ago AndyC
Fastly enhances Managed Security Service with bot management

Fastly enhances Managed Security Service with bot management

3 hours ago AndyC
<div>Dragos & CrowdStrike expand partnership to tackle cyber threats</div>

Dragos & CrowdStrike expand partnership to tackle cyber threats

3 hours ago AndyC
CrowdStrike launches Falcon for Defender to bolster Microsoft security

CrowdStrike launches Falcon for Defender to bolster Microsoft security

3 hours ago AndyC
Dragos, CrowdStrike enhance OT cybersecurity amid rising threats

Dragos, CrowdStrike enhance OT cybersecurity amid rising threats

3 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.