Tag: sudo

Add User To The ‘sudoers’ Group

Today we’ll have a pretty straightforward article that’s meant for those who want to add a user to the ‘sudoers’ group. I have tested this in Ubuntu, specifically in Lubuntu, and it works. It shouldn’t be a complicated article, one easy enough for anyone to follow.

I am not 100% certain if this will work in other distros, so comment and let me know if it works with others. It should work in Debian, the official Ubuntu flavors, Mint, POP!_OS, ElementaryOS, and more. That much I’m pretty confident of, but I’ve done limited testing.

This article is going to assume you’re using ‘nano’ as your default text editor. That’s important for this, otherwise, you’ll need to change the directions to match your text editor of choice.

Let’s Install Nano (With Some Bonus Information)

We’ll be using a tool known as ‘visudo’. The man page defines it as:

visudo — edit the sudoers file

It’s important to use visudo to edit the sudoers file because it checks for errors and will prevent you from making syntax errors. It can’t correct bad information, but it can prevent you from making some basic mistakes.

What is the ‘sudoers’ file? 

Well, simply put, that’s the file that decides who has the rights to access sudo, and what rights they have to do so. A sudo user has administrative privileges, that is the ability to edit files that can’t be edited by a regular user. The sudo users can do things like change system files, change system settings, and add or remove software. They’re administrators (though you technically can give them limited rights, which is a topic for another article) so to speak.

So, What Is ‘sudo’ Anyhow?

You should make good choices when deciding which accounts have sudo access. They, at least by default, have the keys to the kingdom. A user with sudo access has complete control over the system. This isn’t always a good thing.

Many distros, including Ubuntu, use sudo instead of a root account. Root also has the keys to the kingdom. It’s a good way to view sudo as temporarily elevating the user’s rights to that of the root user. It should be obvious why this is beneficial.

Most of us don’t want our account to have root access all the time because it stops us from editing files we might not want to access – and the software we use also only has our regular user’s limited access to the system. Some folks are into running as root, and some distros have root enabled by default. The great thing about Linux is the choices available, including choices about security.

How To: Enable The Root Account in Ubuntu
How To: Graphically Login as Root in Ubuntu

(It’s generally suggested you not follow the directions given at those two URLs, but I’m a big fan of choice and of sharing information. So, you can do what you want. I do ask that you be careful and be a good netizen.)

That’s what we’ll be doing today. We’ll be learning how to add a user to the ‘sudoers’ group (file I suppose). Those user accounts will then have sudo access, the keys to the kingdom. There are a ton of valid reasons for doing this, and some not-so-good reasons. It’s your device. You do you!

Add A User To The ‘sudoers’ Group:

Yes, this article requires a terminal. I don’t know of a GUI way to accomplish this task. I’m sure there is one, but I don’t know. If you know of one, feel free to add a comment. Otherwise, press CTRL + ALT + T and your terminal should pop open.

With your terminal now open, you can easily just run the following command:

Of course, that’s the easy way…

If you want, you can manually edit the sudoers file. You’ll want to know how to do this if you only want to give the user elevated permissions to certain directories or files. So, I’ll include that. We can use this article as a reference article for a future article.

To manually edit the sudoers file,  you just run the following command:

You’ll then add the following line at the bottom of the file:

Replace the obvious with the obvious, as always. Be extra careful to avoid typographical errors. Then, you’ll save the file. As we’re using nano, the process to save the file is pressing CTRL + X, then Y, and then ENTER – and that should save the file. Congrats, you now know how to add a user to the ‘sudoers’ file.

Closure:

Well, it’s another article. As I mentioned, there are legitimate reasons to add a user to the sudoers file. There are also legitimate reasons for not doing so. It depends on you and your circumstances – and your computing goals are your own. This is Linux. We can do what we want!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 4 Average: 4]

Change The ‘sudo’ Password Timeout

Today’s article is going to be a pretty basic article about sudo, where we learn how to change the sudo password timeout. It’s pretty easy to change the sudo password timeout value, and reasonably safe to do so if you use visudo. So, with that in mind, read on!

When you use sudo you’re given a grace period. During that time, you can use sudo again without being asked to type your password again. This is an arbitrary value, typically 15 minutes (I think), and you can customize that value for your particular environment. It’s not difficult.

This is something people may want to change if they’re slow, doing a lot with sudo, or have good physical security. This is also something that someone might want to change for the opposite reason. Some people may want to decrease the length of time that they have with sudo because they work in a shared environment. Who knows? It’s your computer, you can do what you want!

So, what is sudo? It’s how you temporarily use elevated permissions. In fact, I wrote a whole article on this subject, which you can read if you’re so inclined – and I’d suggest doing so if you’re new to Linux:

So, What Is ‘sudo’ Anyhow?

Well then, I mentioned another application. I mentioned ‘visudo’ above.

This may come as a surprise, but I actually wrote an article about visudo! You can read that as well, especially if you’re new to Linux:

Use visudo To Edit The sudoers File

Huh… It’s almost as if I’ve been waiting to write this article for a while and that I took the time to write articles that explain all these things. For a brief moment, one might be fooled into thinking I am good at preparing things. Little do you know… It’d be far more accurate to just say that I’ve written a bunch of articles already. I’d prefer it if you thought it was the former, but there’s definitely a touch of the latter.

Change The sudo Password Timeout:

If you clicked on either of the two links above, you’d know that those tools are used in the terminal. You didn’t click them, did you? Well, you’re going to need an open terminal. In most distros, you can just press CTRL + ALT + T and your default terminal should open. 

With your terminal now open, we’re going to use visudo to edit your sudoers file. In my particular case, we’ll be using Nano. (See? Yet another article you can rely on for more information about Nano!) The command to start banging away on your sudoers file would be simply this:

Now, I can’t say for sure that you’ll be using Nano for this. As you didn’t click the links above, I’ll remind you that visudo uses your default text editor. So, you’ll need to be prepared for that. Your default text editor may be Vim, for example, and you’ll need to know the basics to change your sudo password timeout.

NOTE: If you want, you can change your default text editor. (Did you see that? I did it again!)

Anyhow…

With your sudoers file now open for editing, you just enter the following on a new line:

As far as I can tell, most distros default to 15 minutes. So, you can use sudo and then you won’t be asked for the password again for the next fifteen minutes. In the above, you replace the obvious with the obvious. If you wanted 10 minutes leeway without retyping the password, you’d use this command:

If you wanted an hour’s worth of leeway without typing your sudo password again, then the command would just be this:

See? It’s not very complicated at all.

If you want to be fancy, you could include a comment. A comment starts with an # symbol and is thus ignored by the system. You might want to enter something like this:

By adding a comment, you’ll be reminded of what changes you’ve made from the default configuration. This is generally a good idea, especially if you’re going to heavily modify your system.

As this is Nano, you can finish editing the sudoers file by pressing the CTRL + X, then Y, and then the ENTER button. That will save the changes with Nano. If you’re not using Nano, you’ll need to refer to the manual (unless you already know how to save an edited file).

Closure:

And there you go! You can now change your sudo password timeout value to whatever it is you desire, assuming it’s whole minutes. I do not believe it works with fractions of minutes. You shouldn’t need to reboot or anything. It should take effect immediately and be the new timeout value the very next time you use a command that starts with sudo.

Of course, this comes with some security considerations. If this is a public kiosk, you’d have to be a fool to make this longer. You’d have to be a fool to have sudo access to begin with! That’s why they make guest accounts!

But, if you’re home alone and the neighbors aren’t going to sneak in to steal your wifi password, you’re probably good to go. Heck, if you are daring, you can use sudo without a password. I don’t recommend that, but you can… 

Also, this article contains a whole lot of links to other articles. Google will be pleased! I think it speaks to how many articles I’ve already written more than any foresight on my part.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 1 Average: 5]

Use visudo To Edit The sudoers File

Today’s article may take a different format than most, as it’s just an article telling you to use visudo to edit the sudoers file. This type of article doesn’t lend itself to my normal formatting and should be considered akin to a Public Service Announcement. 

So, let’s start with the basics:

What Is The sudoers File?

Very simply, the sudoers file is the file on your system that decides who has permission to use elevated permissions via sudo. The sudoers file is pretty important and it’s easy to make mistakes while editing it. Fortunately, there’s some protection you can use while editing the sudoers file.

If you’re curious, we normally recommend using sudo instead of using root because sudo only gives the command elevated permissions while root always has elevated permissions. Those folks reading my site are generally fairly new to Linux and, as such, I strongly suggest using sudo instead of just logging in as root. Sure, it’s more of a hassle, but it’ll help save you from yourself.

What is visudo?

The visudo command will open your sudoers file with your default text editor. In many cases that will be Vim, but Nano is starting to be the default for more distros. I prefer the latter.

The visudo command defines itself like so:

visudo — edit the sudoers file

Further, and helpfully, you’ll find this in the description:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors before installing the edited file. If the sudoers file is currently being edited you will receive a message to try again later.

So, as you can see, using visudo will help protect you from mistakes.

NOTE: While visudo can save you from syntax mistakes, it will do nothing to prevent you from entering the wrong information. If you open a second terminal and pre-authenticate for sudo, and do so quickly enough, you can then use that second terminal to fix it (re-editing the sudoers file).

Use visudo To Edit The sudoers File:

The sudoers file is located at /etc/sudoers and is a plain text file. It’s just a configuration file, like so many other configuration files. But, as described above, it’s a very important file. It’s also possible to mount the drive with a live Linux instance to edit the file, but that’s not something I’d recommend. Besides, if you use visudo to edit the sudoers file that shouldn’t be a problem.

You don’t need to specify anything when you want to edit the sudoers file. You don’t have to specify the file’s location. The visudo command knows where your sudo file is (unless you’ve modified this, as you can make a second config file and edit that) all by itself. If you want to use visudo to edit the sudoers file, you simply need this command in your favorite terminal:

The very first line of that file says this:

This file MUST be edited with the ‘visudo’ command as root.

I realize what it says, but in this case, you can replace ‘root’ with ‘sudo’ which will elevate your permissions to those of root. So, we’re sort of still using root to edit the file, but we’re technically just using sudo.

Closure:

There is my PSA about using visudo to edit that sudoers file. You must do so, especially if you’re new. You might be able to avoid a syntax error, but there’s no reason to not use visudo which will check for that sort of stuff.

I suppose the name comes from a time when Vi was still popular and it’s not a complete solution. You can still enter garbage and get garbage results. If you’re unprepared for the potential consequences, you might want to avoid editing the sudoers file until you’ve gained some confidence and have more familiarity with the tools Linux provides.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 6 Average: 5]

So, What Is ‘sudo’ Anyhow?

If you’re a new user, you’ll see commands with sudo in them and you’ve gleaned the meaning of what is sudo. The sudo command is a bit more robust than you may know and this article is going to tell you what sudo is. As I’m not actually sure how to format such an article, I’m going to try to smash it to fit my usual style article. This may make for  a fairly short article.

The sudo command stands for ‘superuser do’ and that’s probably how most folks will know it. That is, after all, correct. You use sudo when you want to execute something that requires different privileges than your account has. Most of the time, that means you want to run the command as an administrator with root privileges. 

But, that’s not all that sudo can do. You can also use it to run software as though you were another user on the same machine. Some folks (erroneously, but not without merit) have taken to referring to sudo as ‘substitute user do’. It suits, but it’s not correct.

To be fair, sudo didn’t have those extra features when it was new (~1980). When it was new, it just let you run commands as a superuser – root – and that was it. Perhaps if it had been named today, with the current feature set, those folks would be correct by calling it ‘substitute user do’. As it stands, those people are technically incorrect.

I’ve also written a couple of other sudo-related articles that may interest the reader.

Create A New User With SUDO Privileges In Ubuntu
How To: Use sudo Without A Password

What Is sudo:

The sudo command typically starts a command, such as an installation command. For example, a command like this:

If you try that command without a privileged account, it’ll fail and you won’t be able to install the software. For security sake, your regular user account should operate under the ‘least privilege principle’, meaning your regular account can’t be used to maliciously operate the system.

The sudo command is that safety gap. To use sudo, you must be a member of the sudoers group/have rights to the command and you must know the password. If you have sudo access, you can cause all the harm you want to a system! So, protect those passwords because they are legitimately the keys to the kingdom.

As we learn what is sudo, we might as well learn a few flags that you can use with it. The most important one, as sudo is plenty powerful by itself, is the -u flag. You use that not when you want to operate as root but when you want to use the privileges of another user on the same system. It looks like this:

When you’ve authenticated as sudo, you will not need to enter your password again for some period of time. The most common period of time is 5 minutes. After five minutes of non-use (idle time with no sudo commands) have passed, you will need to authenticate all over again.

If you want to exit early, you just use the -k flag. That resets everything and you’ll need to authenticate the next time you wish to use sudo. Conversely, if you use the -v flag, it will grant you another five minutes of authenticated time, allowing you to extend your sudo session.

There are a few other flags, but those aren’t really used often. Though, if you’re going to enter a lot of commands, you can use sudo -s and open a new shell where you have sudo privileges. That’s useful if you’re going to use a number of commands and don’t want them in your terminal scroll-back.

Closure:

There you have it, you can now answer the question: what is sudo? It’s a handy tool to have and there are uses most people probably never bothered learning. It’s there if you need it and you might as well be familiar with it.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 4 Average: 5]

Create A New User With SUDO Privileges In Ubuntu

It’s not unusual to want to create a new user with sudo privileges and it’s actually really easy. This will be just a quick article that explains how. It’s not exactly a complex operation.

This article doesn’t cover other distros! It has only been tested in a couple of Ubuntu derivatives and not all distros come with ‘adduser’. It should probably work if you install ‘adduser’ where available, but that’s entirely untested by me. Give it a shot and let me know in a comment if it works out for you.

You may want a multi-user environment, you may want different logs for different users, you may want some customization with one user, you might want to test things with a separate user, etc… There are tons of reasons for wanting a different account and wanting a new user with sudo privileges.

I shouldn’t need to mention this, but sudo stands for ‘superuser do’. Users that belong to the sudo group are pretty much omnipotent. They can access anything, change anything, and do anything they please. You’ll use sudo to do things like install software or edit system files.

Anyhow, I’ll explain how to create a new user with sudo privileges in this article. It’s a pretty easy task and you shouldn’t have much trouble with this one.

Create New User With SUDO Privileges:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

The tool we’ll be starting with is called ‘adduser‘, and the name tells you what it does. With your terminal now open, you start by entering the following to add a new user:

Once you’ve done that, you’ll be asked to type the new user’s password twice, and then you can fill in some additional information for that user. Those steps aren’t necessary, but you will want to add a password for the user – and definitely so because it’s an account that has access to sudo.

Now that you have created a new user, you’ll need to modify that user. The newly created user doesn’t come with sudo access by default, you need to grant it. The tool we’ll be using for this is ‘usermod‘ and the command to make the new account a new user with sudo privileges is:

At this point, you should be able to login and use the newly minted user account. Indeed, you should have a new user account and that new account should have sudo privileges.

CLOSURE:

See? I told you that this wouldn’t be a long or difficult article. If you want a new account and you want that account to have sudo privileges, it’s just a couple of easy commands away. This is yet another article in what’s turning out to be quite a long list of articles.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 4 Average: 5]
Subscribe To Our Newsletter
Get notified when new articles are published! It's free and I won't send you any spam.
.
Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.