How To Add, Delete And Grant Sudo Privileges To Users In Ubuntu 22.04 LTS

Create sudo user in Ubuntu Linux

By sk

This tutorial explains how to add, delete and grant sudo privileges to users in the Ubuntu Linux operating system. The guide is officially tested on Ubuntu 22.04 and 20.04 LTS editions. However, the steps provided below are the same for other Ubuntu-based distributions such as Pop!_OS.

Before getting into the topic, let us see what sudo is and what its benefits are.

1. What is Sudo?

In Linux and Unix operating systems, there is a special user called root. The root user can do anything and everything in a Unix-like system.

Using the root user for day-to-day activities can be dangerous and is not recommended. One wrong command can destroy the whole system! This is where "sudo" comes in.

Sudo allows authorized users to perform tasks with root-level privileges, even if they don't know the root user's password.

This is why it is important to create a regular user and add them to the sudo group to perform administrative tasks. This user can then act as both a regular user and an administrative user when running commands prefixed with sudo.

2. Benefits of Being Sudo

  • You don't have to share the root password with other users.
  • The users don't need to know the root user's password to perform administrative tasks.
  • When doing an administrative task, the users will be prompted for the sudo password before any changes can happen in the system. This should make the users think about the consequences of what they are doing.
  • Admin rights can be easily granted to users and revoked at any time if they are no longer required.
  • Some Linux distributions, for example Ubuntu, disable the root user by default. So there is no way to launch brute-force attacks on the root user. Even if someone tries, it would be pointless, because there is no root password to crack.
  • More importantly, the sudo session times out after a short period. If you leave the terminal open after running some commands with sudo permission, the authentication automatically expires, so other users can't do any further administrative tasks. By default, the sudo password is remembered for 15 minutes in the current session. After that, you need to enter the password again.
  • You can monitor the sudo users' command-line activity. sudo adds a log entry for the commands run by the users to the /var/log/auth.log file. If there is a problem, you can look into those commands and try to figure out what went wrong.
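
As an added example (not part of the original tutorial), the function below pulls out of auth.log-style input who ran which command through sudo and which attempts sudo refused. The function names and the sample log lines are constructed for illustration; on a real system, pass /var/log/auth.log as the argument.

```bash
#!/bin/sh
# Added example: summarise sudo activity from auth.log-style input.
# Prints one line per sudo invocation: STATUS|USER|COMMAND

sudo_events() {   # usage: sudo_events [FILE...]  (reads stdin if no file)
    awk '
    / sudo: / && /COMMAND=/ {
        # Drop the timestamp, hostname and "sudo:" tag.
        rest = substr($0, index($0, " sudo: ") + 7)
        sub(/^ +/, "", rest)
        # The invoking user is everything before the first " : ".
        user = substr(rest, 1, index(rest, " : ") - 1)
        # Split the fields before COMMAND= from the command itself.
        meta = substr(rest, 1, index(rest, "COMMAND=") - 1)
        cmd = substr(rest, index(rest, "COMMAND=") + 8)
        # sudo records a refusal on the same line as the attempted command.
        status = "OK"
        if (meta ~ /NOT in sudoers|command not allowed|incorrect password attempt/) status = "DENIED"
        print status "|" user "|" cmd
    }' "$@"
}

# Constructed sample lines in the layout sudo writes to /var/log/auth.log.
sample_auth_log() {
    cat <<'EOF'
Mar  4 10:15:02 ubuntu2204 sudo:  senthil : TTY=pts/1 ; PWD=/home/senthil ; USER=root ; COMMAND=/usr/bin/apt update
Mar  4 10:15:02 ubuntu2204 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by senthil(uid=1001)
Mar  4 10:30:11 ubuntu2204 sudo:       sk : TTY=pts/0 ; PWD=/home/sk ; USER=root ; COMMAND=/usr/sbin/deluser senthil sudo
Mar  4 10:31:40 ubuntu2204 sudo:  senthil : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/senthil ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

sample_auth_log | sudo_events
```

Filtering the output for lines that start with DENIED gives a quick list of accounts that tried sudo without being allowed to.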

These are a few advantages of being a sudo user. Now, let us go ahead and see how to add, delete and grant Sudo privileges to users in Ubuntu Linux.

First, we will create a regular user.

3. Add New User in Ubuntu Linux

First, let us create a regular user, for example "senthil".

To do so, run:

$ sudo adduser senthil

Replace "senthil" with your own username.

Sample output:

Adding user `senthil' ...
Adding new group `senthil' (1001) ...
Adding new user `senthil' (1001) with group `senthil' ...
Creating home directory `/home/senthil' ...
Copying files from `/etc/skel' ...
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: password updated successfully
Changing the user information for senthil
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
Create A New User In Ubuntu

We just created a new user called "senthil". This user has not been given sudo access yet, so he can't perform any administrative tasks.

You can verify whether a user has sudo access like below.

$ sudo -l -U senthil

Sample output:

User senthil is not allowed to run sudo on ubuntu2204.
Check If An User Has Sudo Access In Ubuntu

4. Grant Sudo Privileges to Users in Ubuntu Linux

Add the newly created user to the sudo group using the following command:

$ sudo adduser senthil sudo

Sample output:

Adding user `senthil' to group `sudo' ...
Adding user senthil to group sudo
Done.
Grant Sudo Privileges To Users In Ubuntu Linux

We granted sudo permission to the user "senthil".

You can also use the following command to add a user to the sudo group.

$ sudo usermod -aG sudo senthil

To verify that the user has been added to the sudo group, run:

$ sudo -l -U senthil

Sample output:

Matching Defaults entries for senthil on ubuntu2204:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin,
    use_pty

User senthil may run the following commands on ubuntu2204:
    (ALL : ALL) ALL
Verify If The User Is Added To The Sudo Group

Here, the "(ALL : ALL) ALL" line means that the user has unlimited privileges and can run any command on the system. In our case, the "senthil" user has been added to the sudo group. From now on, he can perform all sorts of administrative tasks.

If you open the contents of the sudoers file:

$ sudo cat /etc/sudoers

You would see some lines like below.

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "@include" directives:

@includedir /etc/sudoers.d

As you can see in the above output, all members of the sudo group can execute any command.

  • The first ALL is the users allowed.
  • The second ALL is the hosts. If you distribute the same "sudoers" file to many host computers, the user can run administrative commands on all hosts.
  • The third one is the user you are running the command as.
  • The last one is the commands allowed.

Note: In some Linux systems, for example Arch Linux, you need to install the "sudo" package before creating a new sudo user.

# pacman -S sudo

On Debian:

# apt install sudo

On Ubuntu desktop and server editions, "sudo" is installed by default.

5. Verify Sudo Users

To verify that the user is able to perform administrative tasks, log out and log back in as the new user.

Alternatively, you can instantly switch to another user, without having to log out from the current session, like below.

$ sudo -i -u <username>

Example:

$ sudo -i -u senthil

We switched to the user "senthil".

Now, run any command with the "sudo" prefix like below.

$ sudo apt update
Run Apt Command With Sudo Permission

Yes, the user "senthil" is able to run administrative commands with sudo privileges.

6. Delete Sudo Access From Users

You can remove sudo permissions from a user without having to delete him/her completely.

Caution: You must be careful when doing this in Ubuntu systems. Do not remove the real administrator from the "sudo" group. There should be at least one sudo user in the system.

First, make sure you're logged out from the user "senthil" session and logged in as another sudo user.

To revoke sudo permissions from a user (e.g. senthil), the command would be:

$ sudo deluser senthil sudo

The above command will remove the user called "senthil" from the "sudo" group.

Sample output:

Removing user `senthil' from group `sudo' ...
Done.

Please note that this command will only remove the user 'senthil' from the sudo group, but it will not delete the user permanently from the system.

Alternatively, run the following command to revoke the sudo permission from the user:

$ sudo gpasswd -d senthil sudo

Now, the user becomes a regular user and can't do any administrative tasks with sudo permission.

To verify if the user has really been removed from "sudo" group, run:

$ sudo -l -U senthil

Sample output:

User senthil is not allowed to run sudo on ubuntu2204.
Delete Sudo Access From A User Using Deluser Command

The sudo permission has been removed from the user.
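
The caution above (keep at least one sudo user on the system) can be checked before running deluser. The following is an added example, not part of the original tutorial; the function names group_members and can_revoke and the sample group entries are constructed for illustration. It only looks at the sudo group's member list, so rights granted elsewhere, for example through files in /etc/sudoers.d, are not counted.

```bash
# Added example: refuse to revoke sudo from the last member of the sudo group.

# Print the members of GROUP, one per line, from a group(5)-format file.
group_members() {   # usage: group_members GROUP [FILE]
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# Exit status: 0 = safe to revoke, 1 = USER is the last member,
# 2 = USER is not a member of the sudo group.
can_revoke() {      # usage: can_revoke USER [FILE]
    members=$(group_members sudo "${2:-/etc/group}")
    printf '%s\n' "$members" | grep -qxF -- "$1" || return 2
    # Count the members that would remain after removing USER.
    others=$(printf '%s\n' "$members" | grep -vxcF -- "$1" || true)
    [ "$others" -ge 1 ]
}

# Constructed sample in group(5) format; on a real host omit FILE to read /etc/group.
sample=$(mktemp)
printf '%s\n' 'adm:x:4:syslog,sk' 'sudo:x:27:sk,senthil' 'senthil:x:1001:' > "$sample"
if can_revoke senthil "$sample"; then
    echo "another sudo user remains; safe to run: sudo deluser senthil sudo"
else
    echo "refusing: senthil is the last sudo user or not in the sudo group"
fi
rm -f "$sample"
```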

7. Delete Users Permanently

In the above step, we only removed the user from the "sudo" group. The user still exists in the system. To remove a user completely from a Linux system, log in as root or a sudo user and run:

$ sudo deluser <username>

Example:

$ sudo deluser senthil

If you want to remove a user along with their home directory and mail spool, run:

$ sudo deluser --remove-home senthil

Sample output:

Looking for files to backup/remove ...
Removing files ...
Removing user `senthil' ...
Warning: group `senthil' has no more members.
Done.

For more details, check the man pages for the adduser, deluser and sudo commands.

$ man adduser
$ man deluser
$ man sudo

This guide is also available for other Linux distributions. Check the following guides to add, delete and grant sudo privileges to users in Alpine Linux, Arch Linux, CentOS and Fedora Linux distributions.

8. Cheatsheet

Here is a cheatsheet for granting sudo privileges for users in Ubuntu Linux. Download it and keep it near your desk for quick reference.

Cheatsheet - Add, Delete And Grant Sudo Privileges To Users In Ubuntu

9. Conclusion

In this detailed tutorial, we looked at several important things about sudo. First, we gave you a brief introduction to sudo and its benefits. Then we discussed how to add, delete and grant sudo privileges to users in the Ubuntu 22.04 LTS operating system. Finally, we saw how to revoke the sudo permission and how to delete the user permanently.

Even though it is specifically written for Ubuntu, this method is much the same for other Ubuntu-based and DEB-based systems.

Featured Image by mohamed Hassan from Pixabay.
