Tag: sudoers

Add User To The ‘sudoers’ Group

Today we’ll have a pretty straightforward article that’s meant for those who want to add a user to the ‘sudoers’ group. I have tested this in Ubuntu, specifically in Lubuntu, and it works. It shouldn’t be a complicated article, one easy enough for anyone to follow.

I am not 100% certain if this will work in other distros, so comment and let me know if it works with others. It should work in Debian, the official Ubuntu flavors, Mint, POP!_OS, ElementaryOS, and more. That much I’m pretty confident of, but I’ve done limited testing.

This article is going to assume you’re using ‘nano’ as your default text editor. That’s important for this, otherwise, you’ll need to change the directions to match your text editor of choice.

Let’s Install Nano (With Some Bonus Information)

We’ll be using a tool known as ‘visudo’. The man page defines it as:

visudo — edit the sudoers file

It’s important to use visudo to edit the sudoers file because it checks for errors and will prevent you from making syntax errors. It can’t correct bad information, but it can prevent you from making some basic mistakes.

What is the ‘sudoers’ file? 

Well, simply put, that’s the file that decides who has the rights to access sudo, and what rights they have to do so. A sudo user has administrative privileges, that is the ability to edit files that can’t be edited by a regular user. The sudo users can do things like change system files, change system settings, and add or remove software. They’re administrators (though you technically can give them limited rights, which is a topic for another article) so to speak.

So, What Is ‘sudo’ Anyhow?

You should make good choices when deciding which accounts have sudo access. They, at least by default, have the keys to the kingdom. A user with sudo access has complete control over the system. This isn’t always a good thing.

Many distros, including Ubuntu, use sudo instead of a root account. Root also has the keys to the kingdom. It’s a good way to view sudo as temporarily elevating the user’s rights to that of the root user. It should be obvious why this is beneficial.

Most of us don’t want our account to have root access all the time because it stops us from editing files we might not want to access – and the software we use also only has our regular user’s limited access to the system. Some folks are into running as root, and some distros have root enabled by default. The great thing about Linux is the choices available, including choices about security.

How To: Enable The Root Account in Ubuntu
How To: Graphically Login as Root in Ubuntu

(It’s generally suggested you not follow the directions given at those two URLs, but I’m a big fan of choice and of sharing information. So, you can do what you want. I do ask that you be careful and be a good netizen.)

That’s what we’ll be doing today. We’ll be learning how to add a user to the ‘sudoers’ group (file I suppose). Those user accounts will then have sudo access, the keys to the kingdom. There are a ton of valid reasons for doing this, and some not-so-good reasons. It’s your device. You do you!

Add A User To The ‘sudoers’ Group:

Yes, this article requires a terminal. I don’t know of a GUI way to accomplish this task. I’m sure there is one, but I don’t know. If you know of one, feel free to add a comment. Otherwise, press CTRL + ALT + T and your terminal should pop open.

With your terminal now open, you can easily just run the following command:

Of course, that’s the easy way…

If you want, you can manually edit the sudoers file. You’ll want to know how to do this if you only want to give the user elevated permissions to certain directories or files. So, I’ll include that. We can use this article as a reference article for a future article.

To manually edit the sudoers file,  you just run the following command:

You’ll then add the following line at the bottom of the file:

Replace the obvious with the obvious, as always. Be extra careful to avoid typographical errors. Then, you’ll save the file. As we’re using nano, the process to save the file is pressing CTRL + X, then Y, and then ENTER – and that should save the file. Congrats, you now know how to add a user to the ‘sudoers’ file.

Closure:

Well, it’s another article. As I mentioned, there are legitimate reasons to add a user to the sudoers file. There are also legitimate reasons for not doing so. It depends on you and your circumstances – and your computing goals are your own. This is Linux. We can do what we want!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Use visudo To Edit The sudoers File

Today’s article may take a different format than most, as it’s just an article telling you to use visudo to edit the sudoers file. This type of article doesn’t lend itself to my normal formatting and should be considered akin to a Public Service Announcement. 

So, let’s start with the basics:

What Is The sudoers File?

Very simply, the sudoers file is the file on your system that decides who has permission to use elevated permissions via sudo. The sudoers file is pretty important and it’s easy to make mistakes while editing it. Fortunately, there’s some protection you can use while editing the sudoers file.

If you’re curious, we normally recommend using sudo instead of using root because sudo only gives the command elevated permissions while root always has elevated permissions. Those folks reading my site are generally fairly new to Linux and, as such, I strongly suggest using sudo instead of just logging in as root. Sure, it’s more of a hassle, but it’ll help save you from yourself.

What is visudo?

The visudo command will open your sudoers file with your default text editor. In many cases that will be Vim, but Nano is starting to be the default for more distros. I prefer the latter.

The visudo command defines itself like so:

visudo — edit the sudoers file

Further, and helpfully, you’ll find this in the description:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors before installing the edited file. If the sudoers file is currently being edited you will receive a message to try again later.

So, as you can see, using visudo will help protect you from mistakes.

NOTE: While visudo can save you from syntax mistakes, it will do nothing to prevent you from entering the wrong information. If you open a second terminal and pre-authenticate for sudo, and do so quickly enough, you can then use that second terminal to fix it (re-editing the sudoers file).

Use visudo To Edit The sudoers File:

The sudoers file is located at /etc/sudoers and is a plain text file. It’s just a configuration file, like so many other configuration files. But, as described above, it’s a very important file. It’s also possible to mount the drive with a live Linux instance to edit the file, but that’s not something I’d recommend. Besides, if you use visudo to edit the sudoers file that shouldn’t be a problem.

You don’t need to specify anything when you want to edit the sudoers file. You don’t have to specify the file’s location. The visudo command knows where your sudo file is (unless you’ve modified this, as you can make a second config file and edit that) all by itself. If you want to use visudo to edit the sudoers file, you simply need this command in your favorite terminal:

The very first line of that file says this:

This file MUST be edited with the ‘visudo’ command as root.

I realize what it says, but in this case, you can replace ‘root’ with ‘sudo’ which will elevate your permissions to those of root. So, we’re sort of still using root to edit the file, but we’re technically just using sudo.

Closure:

There is my PSA about using visudo to edit that sudoers file. You must do so, especially if you’re new. You might be able to avoid a syntax error, but there’s no reason to not use visudo which will check for that sort of stuff.

I suppose the name comes from a time when Vi was still popular and it’s not a complete solution. You can still enter garbage and get garbage results. If you’re unprepared for the potential consequences, you might want to avoid editing the sudoers file until you’ve gained some confidence and have more familiarity with the tools Linux provides.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Subscribe To Our Newsletter
Get notified when new articles are published! It's free and I won't send you any spam.
.
Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.