Creating a Sudo-Enabled User

By default, the root user is set up during the installation of Linux. This user has all rights to administer the operating system. The other users initially do not have administrator privileges. The sudo command allows authorised users to run programs in the terminal with root privileges. This article explains how to create a sudo-enabled user.

Creating Users

CentOS 7 and CentOS 8
  • Log in as the root user on the desired server.

  • To create a new user, enter the following command:
    [root@localhost ~]# adduser USERNAME
    Example:
    [root@localhost ~]# adduser johnsmith

  • To set the password of the new user, enter the following command:
    [root@localhost ~]# passwd USERNAME
    Example:
    [root@localhost ~]# passwd johnsmith

  • Enter the desired password and repeat it.

Ubuntu 18.04, Ubuntu 20.04, Debian 9 and Debian 10
  • Log in as the root user on the desired server.

  • To create a new user, enter the following command:
    [root@localhost ~]# adduser USERNAME
    Example:
    [root@localhost ~]# adduser johnsmith

  • Enter the desired password and repeat it.

  • Optional: Enter additional user information. To skip entering this information, press the Enter key.
    Changing the user information for johnsmith
    Enter the new value, or press ENTER for the default
    Full Name [ ]:
    Room Number [ ]:
    Work Phone [ ]:
    Home Phone [ ]:
    Other [ ]:
    Is the information correct? Y/n]

  • Type Y and press the Enter key.

Suse Linux
  • Log in as root user on the desired server.

  • To create a new user, enter the following command:
    localhost: ~ # useradd USERNAME
    Example:
    localhost: ~ # useradd johnsmith

  • To set the password of the new user, enter the following command:
    localhost: ~ # passwd USERNAME
    Example:
    localhost: ~ # passwd johnsmith

  • Enter the desired password and repeat it.

Test Sudo and Install (If Necessary)

  • Test to see if sudo is installed. To do this, enter the following command:
    sudo ls -la /root
    If you see the message bash: sudo: command not found, sudo is not installed.

  • If sudo is already installed, you can skip this step. To install sudo, enter the following command:

    CentOS 7 and 8
    yum install sudo -y
    Debian and Ubuntu
    apt install sudo
    Suse Linux
    zypper in sudo

Install Vim

If the Vim editor is not installed, enter the following command(s) to install it:

CentOS 7 and 8
sudo yum install vim

Ubuntu
sudo apt-get install vim

Suse Linux
sudo zypper search vim
sudo zypper install vim

Assigning Sudo Rights to a User

CentOS 7 and 8

To assign sudo privileges to a user in CentOS 7 and 8, you must add the user to the wheel group. To add the user to this group, enter the following command:

[root@localhost ~]# usermod -aG wheel USERNAME

Example:
[root@localhost ~]# usermod -aG wheel johnsmith

To check if the change was successful, enter the following command:
localhost:~ # groups USERNAME

Example:
localhost:~ # groups johnsmith


Debian and Ubuntu

To assign sudo privileges to a user in Debian and Ubuntu, you must add the user to the sudo group. To add the user to this group, enter the following command:
[root@localhost ~]# usermod -aG sudo USERNAME
Example:
[root@localhost ~]# usermod -aG sudo johnsmith
To check if the change was successful, enter the following command:
localhost:~ # groups USERNAME
Example:
localhost:~ # groups johnsmith

Suse Linux

To assign sudo privileges to a user in Suse Linux, do the following:

  • Locate the system-group-wheel and system-user-mail packages. Enter the following command:
    localhost:~ # zypper se wheel mail

  • To install the packages, enter the following commands:
    localhost:~ # sudo zypper install system-group-wheel
    localhost:~ # sudo zypper install system-user-mail

  • Open the file /etc/sudoers with the editor vim. Enter the following command:
    localhost:~ # visudo

  • Make sure that the commenting has been removed in the following lines. You may need to remove the # character at the beginning of the line:
    #Defaults targetpw # ask for the password of the target user i.e. root
    and

    #ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

Note

The vim editor has an insert mode and a command mode. You can enter the insert mode by pressing the i key. In this mode, the entered characters are immediately inserted into the text. To enter the command mode, press the ESC key afterwards. When you use command mode, your keyboard input is interpreted as a command.

Caution.

If you only uncomment the line "Defaults targetpw" and leave the line ALL ALL=(ALL) ALL # WARNING! commented, all users will have access to the root level of the utilities by entering their own password.

  • Look for the User privilege specification entry.

  • To grant all members of the wheel group the privileges to execute all commands, you must remove the # character at the beginning of the line in the following line to uncomment it:
    # %wheel ALL=(ALL) ALL

  • To save the changes, press the escape key and then type the following command:
    :wq

  • To assign sudo privileges to a user, you must add the user to the wheel group. To add the user to this group, type the following command:
    localhost:~ # usermod -a -G wheel USERNAME
    Example:
    localhost:~ # usermod -a -G wheel johnsmith

  • To check if the change was successful, enter the following command:

    localhost:~ # groups USERNAME
    Example:
    localhost:~ # groups johnsmith

  • Create the /etc/sudoers.d/userpw file using vi. Enter the following command:
    localhost:~ # vi /etc/sudoers.d/userpw

  • Add the following entry:
    Defaults !targetpw

  • To save the changes, press the escape key and then type the following command:
    :wq

Test Sudo-capable user

To test whether the sudo permissions work, do the following:

  • To change the user, enter the following command:
    [root@localhost ~]# su USERNAME
    Example:
    [root@localhost ~]# su johnsmith

  • List the contents of the /root directory. To do this, type the following command:
    [maxmustermann@localhost root]$ sudo ls -la /root

  • The first time you use sudo in a session, you will be prompted for the user's password.

  • Enter the user's password.