On Unix and Linux systems, the superuser account—commonly referred to as root, admin, or supervisor—holds the highest level of authority, allowing for unrestricted system-wide changes. This account is primarily used for critical administrative tasks, such as modifying file ownership or managing network ports. However, there are times when regular user accounts need to perform these sensitive operations. In such cases, elevated privileges can be granted through the use of the sudo
command, enabling these users to execute specific actions with superuser rights.
Add user to sudoers with the usermod command
In Linux, a group is a collection of accounts that can be given special or elevated permissions on the system. For example, a group can be given read permission on a file and another group read and write permissions on the same file.
To add a user account to a group, we can use the usermod command that essentially allows us to modify an existing account.
$ usermod -a -G
Where:
- The -a flag (short for append) is used to specify that we want to add a group to the specified user.
- The -G flag (short for groups) is used to specify which group we want to add.
Since most Linux distributions have a special group for sudoers, the easiest way to grant superuser privileges to a user account is to add it to this group.
Add users to sudoers in Ubuntu or Debian
sudo usermod -a -G sudo
Add users to sudoers in CentOS or Fedora
$ sudo usermod -a -G wheel
Check whether adding users to sudoers was successful
To verify that a user was successfully added to the sudoers group, we can display the content of the /etc/group file using the cat command, which contains the list of groups (and their users) registered on the system.
Add users to sudoers using the sudoers file
In Unix-like systems, user accounts and groups with sudo privileges are stored in the /etc/sudoers file, also known as the "sudo file." This file contains privilege lines, which are a list of instructions that can be edited to grant customized access to commands that a user or a group can execute or to configure custom security policies.
Use visudo to safely modify the sudoers file
Because of the sensitive nature of its content, it is highly recommended to only open it using the visudo utility — which uses the vim text editor under the hood — as it will automatically check for syntax errors before the file is saved, preventing us from ending up with a broken system where it is impossible to obtain elevated privileges.