How can I add a user as a new sudoer using the command line?

Question

After I add a user using adduser, I can't see it via System > Administration > Users and Groups unless I log out and then log in again. Is that normal?

Also, can I set a newly added user as a sudoer or do I have to change that only after adding it? How can I do that via the shell?

Finally, can I delete the original user that was created upon initial installation of Ubuntu, or is this user somehow 'special'?

ændrük · Accepted Answer · 2014-04-23T20:57:12.387

1173

Just add the user to the sudo group:

sudo adduser <username> sudo

The change will take effect the next time the user logs in.

This works because /etc/sudoers is pre-configured to grant permissions to all members of this group (You should not have to make any changes to this):

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

As long as you have access to a user that is in the same groups as your "original" user, you can delete the old one.

Realistically, there are also other groups your new user should be a member of. If you set the Account type of a user to Administrator in Users Settings, it will be placed in at least all of these groups:

adm sudo lpadmin sambashare

Because your system configuration may vary, I suggest taking a look at the output of groups <username> to see what groups are normally in use.

edited Apr 23 '14 at 20:57

answered Oct 15 '10 at 12:35

ændrük

75,636
74
233
365

Thanks, but if I add my user to `admin` I can later add myself to any other groups as well, right? – David B Oct 15 '10 at 12:44
Anybody who has root privileges can add himself to any group. If you give someone full sudo privileges, that is what you get, does not matter if as user or as member of admin. If you want to give less privileges, you need to specify this in the sudoer file – txwikinger Oct 15 '10 at 12:49
1

@Dziamid I'm not sure what the `sudo` group is for. [Let's find out.](http://askubuntu.com/questions/43317/what-is-the-difference-between-the-sudo-and-admin-groups) – ændrük May 17 '11 at 01:49
8

Please note that the `admin` group doesn't exist in 12.04 LTS. – rxgx Jun 12 '12 at 01:10
There exists admin group in Ubuntu 12.04.02 LTS. And adding the user in that adm group in file /etc/group will help. – Shyamkkhadka May 31 '13 at 10:00
16

this didn't work for me. still can't use sudo. – chovy Oct 31 '13 at 07:37
if you can't run sudo because of sudoer, you should boot under recovery mode and run this command. – user702846 Jan 01 '15 at 17:40
13

Had to log in again for it to work. – PeterM Jun 09 '15 at 08:06
1

Is username a new user you're creating or an existing user that is somewhere that exists already? – PositiveGuy Jan 03 '16 at 04:15
1

FYI doesn't work out of the box on centos 6 – jheriko Mar 08 '16 at 16:02
On ubuntu 16 I had to do `sudo adduser myuser && sudo adduser myuser root` – Kris Aug 18 '16 at 10:23
1

@Kris, perhaps you mean `sudo adduser myuser && sudo adduser myuser sudo` – H2ONaCl Feb 09 '17 at 18:42
@H2ONaCl I believe you are correct, as looking at my local machine (Ubuntu 16), I have a sudo, but not root group, which makes sense. – Kris Feb 10 '17 at 09:51
Um... important note: if *you* are the user you want to add to sudo, you need to *first* perform su to get into sudo mode (using the root password). Then you can issue sudo adduser command. – Jay Marm Mar 01 '19 at 20:44
lol, I get "xy is not in the sudoers file. This incident will be reported". Why does it not ask me for the sudo password to see if I am the admin? – Black Sep 17 '21 at 09:45
I also had to `groupadd sudo` – Nicolai Weitkemper Nov 17 '22 at 17:02

score 235 · Answer 2 · edited Apr 13 '17 at 12:25

235

I did

sudo usermod -a -G sudo <username>

as recommended here.

edited Apr 13 '17 at 12:25

Community

1

answered Nov 21 '13 at 14:25

Leszek

2,891
1
18
17

39

group sudo does not exist – Aaron Esau Sep 02 '16 at 03:55
The only working solution here. Ubuntu 16 – Makan Sep 27 '17 at 21:47
6

For an existing user, this is the correct solution. It should be marked as the answer. – Yokai Nov 13 '17 at 06:30
3

Do not forget `-a` flag or you will remove user from all groups except `sudo` – alexandre-rousseau Aug 28 '18 at 15:51
@RousseauAlexandre absolutely! most important, especially if you are trying to add yourself to a non-sudo group and you're the only one on the machine with sudo privileges... `without -a you just removed yourself from the sudo group!` – Timothy L.J. Stewart Dec 06 '18 at 18:57
1

This isn't the answer, the answer is to add the line ALL=(ALL) ALL to sudoers file via the visudo command. – Owl Jan 07 '19 at 18:51

score 94 · Answer 3 · edited Jun 11 '17 at 12:33

94

Open the sudoers file: sudo visudo will open the /etc/sudoers file in the editor defined in $EDITOR (probably GNU nano - set the variable if it's not what you want, eg export EDITOR="nano" and try sudo visudo again).

Add the below line to the end of the file.

username ALL=(ALL) ALL   # Change the user name before you issue the commands

Then perform WriteOut with Ctrl + O. The editor will ask you for the file name to write into. The default will be a temporary file that's used by visudo to check for syntax errors before saving to the actual sudoers file. Press Enter to accept it. Quit the nano editor with Ctrl + X.

Done!

edited Jun 11 '17 at 12:33

Zanna

69,223
56
216
327

answered Mar 16 '12 at 04:53

Mithun Sreedharan

3,059
3
21
24

11

It would be inadvisable to explicitly add a single user to the sudoers file instead of simply adding that user to the appropriate group `sudo`. – Kzqai May 05 '14 at 18:56
3

with sudo visudo you can output to /etc/sudoers.tmp, when leaving the editor it will overwrite /etc/sudoers by itself – Climbatize Apr 02 '15 at 19:44
1

and visudo will verify the syntax to make sure there are no errors – mchid Jun 29 '15 at 09:32
syntax error if using this . – jheriko Mar 08 '16 at 16:04
2

The other solutions work great for OSs with a built in `sudo` group, but for the occasional system without a dedicated `sudo` group, this solution works. The only recommendation I have is you may want to avoid putting `sudo` itself inside the procedure, as it may not be setup yet! Easy to workaround by doing `su -` and then simply `visudio`. This works on Gentoo. – tresf Feb 16 '18 at 18:21
1

Should I also add ` ALL=(ALL) NOPASSWD: ALL` ? – alper Dec 26 '21 at 19:08
Also, if you're trying to edit /etc/sudoers directly, you should consider adding a file to /etc/sudoers.d/ instead - see https://superuser.com/questions/869144/why-does-the-system-have-etc-sudoers-d-how-should-i-edit-it – Minkus Oct 03 '22 at 11:58

score 32 · Answer 4 · edited Oct 08 '15 at 09:37

One thing I have to add that I'm sure a lot of people don't understand:

Once you have already done a adduser "username", you can still come back and do a adduser "username" sudo, and it will then add that user to the group properly.

It actually won't work the first time around like sudo adduser username sudo. It will give you an error. Which in summary means you must first make the user account before you can add them to a group.

jowan sebastian · Answer 5 · 2016-03-09T10:26:24.423

16

on CentOS, I do as root

echo ' username ALL=(ALL)   ALL' >> /etc/sudoers

edited Mar 09 '16 at 10:26

answered Mar 03 '16 at 19:03

jowan sebastian

332
2
8

Sandeep · Answer 6 · 2017-01-03T16:24:36.530

15

The following snippet grants root access to username without explicitly logging in as root.

Make sure that the user is added to sudo group first. Tested on Ubuntu 16.04.1 LTS.

sudo adduser username sudo
sudo sh -c "echo 'username ALL=NOPASSWD: ALL' >> /etc/sudoers"

edited Jan 03 '17 at 16:24

answered Dec 29 '16 at 14:26

Sandeep

590
4
5

does this work on Ubuntu ? – jowan sebastian Jan 03 '17 at 11:29
1

Yes checked on Ubuntu 16.04 – Sandeep Feb 11 '17 at 08:44
4

why not in one line: ```useradd -m username --groups sudo``` – aidanmelen Aug 12 '17 at 19:35

txwikinger · Answer 7 · 2010-10-15T12:53:09.223

12

All members of the group admin, are in Ubuntu by default allowed to use sudo, so the easiest way is to add the user account to the admin group.

If you do not want to give the user account full root access, you need to edit the /etc/sudoer file with visudo (it makes sure that you do not have any syntax errors in the file and lose sudo capability altogether) in a way that you specify what commands this user (or a new group) can execute as root.

The sudoer manual will give you more information about this. You can specify which commands are permitted by a particular user/group to be executed as root.

edited Oct 15 '10 at 12:53

answered Oct 15 '10 at 12:34

txwikinger

27,944
10
78
101

1

I thought that was what the `wheel` group was for? – Marco Ceppi Oct 15 '10 at 13:05
@Marco I'm not familiar with that. Can you explain a little more? – ændrük Oct 15 '10 at 13:19
@MarcoCeppi, the wheel group was used on some systems to restrict what users could use `su`. Ubuntu uses `sudo` and the admin group. – psusi Nov 17 '11 at 15:03

How can I add a user as a new sudoer using the command line?

7 Answers7

Linked

Related