Open a terminal window with a root user and add a new user with the command:
adduser newuser
The adduser command creates a new user, plus a group and home directory for that user.
You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) Get around it by entering:
sudo adduser newuser
You can replace newuser with any username you wish. The system will add the new user, then prompt you to enter a password. Enter a strong password, then retype it to confirm.
The system will prompt you to enter additional information about the user. This includes a name, phone numbers, etc. – these fields are optional, and can be skipped by pressing Enter.
On Ubuntu, the easiest way to grant sudo privileges to a user is by adding the user to the “sudo” group. Members of this group can execute any command as root via sudo and are prompted to authenticate themselves with their password when using sudo.
We’re assuming that the user already exists. If you want to create a new user, check this guide.
To add the user to the group, run the command below as root or another sudo user. Make sure you replace “username” with the name of the user that you want to grant permissions to.
usermod -aG sudo username
Granting sudo access using this method is sufficient for most use cases.
To ensure that the user has sudo privileges, run the whoami command:
sudo whoami
You will be prompted to enter the password. If the user has sudo access, the command will print: root
If you get an error saying “user is not in the sudoers file”, it means that the user doesn’t have sudo privileges.
The users' and groups' sudo privileges are defined in the /etc/sudoers file. Adding the user to this file allows you to grant customized access to the commands and configure custom security policies.
You can configure the user's sudo access by modifying the sudoers file or by creating a new configuration file in the /etc/sudoers.d directory. The files inside this directory are included in the sudoers file.
Always use visudo to edit the /etc/sudoers file. This command checks the file for syntax errors when you save it. If there are any errors, the file is not saved. If you open the file with a text editor, a syntax error may result in losing sudo access.
Typically, visudo uses vim to open the /etc/sudoers file. If you don’t have experience with vim and you want to edit the file with nano, change the default editor by running:
EDITOR=nano visudo
Let’s say you want to allow the user to run sudo commands without being asked for a password. To do that, open the /etc/sudoers file:
visudo
Scroll down to the end of the file and add the following line:
username ALL=(ALL) NOPASSWD:ALL
Save the file and quit the editor. Do not forget to replace “username” with the username you want to grant access to.
Another typical example is to allow the user to run only specific commands via sudo. For example, to allow only the mkdir and rmdir commands, you would use:
username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
Instead of editing the sudoers file, you can accomplish the same by creating a new file with the authorization rules in the /etc/sudoers.d directory. Add the same rule as you would add to the sudoers file:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
This approach makes the management of sudo privileges more maintainable. The name of the file is not important. It is common practice for the file name to be the same as the username.
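Unlike visudo, the echo | tee command above writes the rule without any syntax check, and sudo skips files in /etc/sudoers.d whose names contain a '.' or end in '~', so a username such as john.doe does not work as the file name. The script below is an added example, not part of the original guide: it checks a command-restricted rule with visudo -cf before installing it with mode 0440. The helper names install_sudo_rule and dropin_name and the SUDOERS_DIR and VISUDO override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example; install_sudo_rule and dropin_name are hypothetical helpers.
# SUDOERS_DIR and VISUDO are overridable so the logic can be tried in a scratch dir.

# sudo skips files in sudoers.d whose names contain '.' or end in '~',
# so a username such as "john.doe" cannot be used verbatim as the file name.
dropin_name() {
    printf '%s\n' "$1" | tr '.~' '__'
}

# Usage: install_sudo_rule USER /abs/cmd1[,/abs/cmd2...]
# The body is a subshell: variables stay local and "exit" only ends the function.
install_sudo_rule() (
    user=$1 cmds=$2
    dir=${SUDOERS_DIR:-/etc/sudoers.d}
    visudo=${VISUDO:-visudo}

    # Reject input that could smuggle extra sudoers syntax into the rule.
    case $user in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "invalid username" >&2; exit 2 ;;
    esac
    case $cmds in
        ''|*[!A-Za-z0-9_./,-]*) echo "invalid command list" >&2; exit 2 ;;
    esac
    IFS=,
    for c in $cmds; do
        case $c in
            /*) ;;
            *) echo "not an absolute path: $c" >&2; exit 2 ;;
        esac
    done
    unset IFS

    tmp=$(mktemp) || exit 1
    printf '%s ALL=(ALL) NOPASSWD:%s\n' "$user" "$cmds" > "$tmp"

    # -c is check-only mode, -f names the candidate file to parse.
    if ! "$visudo" -cf "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, nothing installed" >&2
        rm -f "$tmp"
        exit 1
    fi

    # 0440 matches the mode of /etc/sudoers itself.
    install -m 0440 "$tmp" "$dir/$(dropin_name "$user")"
    status=$?
    rm -f "$tmp"
    exit "$status"
)
```

Run it as root, for example: install_sudo_rule username /bin/mkdir,/bin/rmdir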