How to Add User to Sudoers in Debian 12

by
How to add user to sudoers in Debian 12

Sudo (superuser do) is a command utility allowing trusted users to run commands as root. It is necessary to run a program requiring root access. Only certain users in the sudo/wheel group can do it. If an unauthorized user attempts to run a command, sudo will notify the administrator via email. By default, this warning notification is saved to the root account. Any user running the command will be prompted for a password. Once authenticated, sudo will create a timestamp for that user. From then on, the user can execute commands for five minutes. Once five minutes have passed, the user will be prompted for a password. If you need to overwrite this grace period, you can do so by changing the settings in the /etc/sudoers file. In this article, we will show you how to add user to sudoers in Debian 12 in a step-by-step guide.

Prerequisites to add user to Sudoers in Debian 12

  • Debian 12
  • SSH root access or a normal system user with sudo privileges

Conventions

# – given commands should be executed with root privileges either directly as a root user or by use of sudo command
$ – given commands should be executed as a regular user

Login to the server

First, log in to your Debian 12 server through SSH as the root user:

ssh root@IP_Address -p Port_number

You have to replace ‘IP_Address‘ and ‘Port_number‘ with your server’s respective IP address and SSH port number. Replace ‘root’ with your other Debian 12 system user with sudo privileges.

You can check whether you have the proper Debian version installed on your server with the following command:

# lsb_release -a

You should get the following output:

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

Add User to Sudoers File

The file at /etc/sudoers contains a set of rules that determine which users or groups have sudo privileges. This file allows you to grant specific access to commands and set custom security policies. You can configure user access by editing the sudoers file or creating a new configuration file in the /etc/sudoers.d directory. The sudoers file called these files in this directory.

Always use the visudo command to edit the /etc/sudoers file; do not edit it with a text editor directly. This command checks the file for syntax errors when you save it. If there are any errors, the file is not saved. If you edit the file with a plain text editor, syntax errors can result in the loss of sudo access.

Visudo uses the editor specified by the EDITOR environment variable; it uses Vim by default. If you want to edit the file with nano, change the variable by running:

# EDITOR=nano visudo

When adding new users or groups to the sudoers file, it is essential to specify the name of the user or group, the hosts, the users they can run commands as, and the commands to execute. Let’s say you want to allow a user to run sudo commands without being prompted for a password. To achieve this, let’s open the /etc/sudoers file:

# visudo

Scroll down to the end of the file and add the following line:

username ALL=(ALL) NOPASSWD:ALL

Replace “username” with an existing system user on your Debian 12 machine. Next, save the file and exit the editor. We can use the NOPASSWD tag to execute certain commands without prompting for the user’s password, which can be beneficial for automation but may increase security vulnerabilities.

Another example is to allow a user to run only certain commands through sudo. For example, to allow only the mkdir and rmdir commands, you would use:

username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

Instead of editing the sudoers file, you can do the same thing by creating a new file with authorization rules in the /etc/sudoers.d directory. Add the same rules that you added to the sudoers file:

# echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username

This approach makes managing sudo privileges more tractable. The file name is unimportant, but it is common practice to name the file according to the username.

Add User to Sudo Group

Besides using the visudo command to add users to sudoers, we can also use another tool called “usermod”. Usermod is a command that modifies user accounts on a Linux system. To add a user to the sudo group using the usermod tool command, execute the following:

# usermod -aG sudo username

Explanation:

The command "usermod" is employed to modify an existing user account.
The options "-aG" indicate that the command should add the user to a specified group.
The "-a" option permits the user to be added to the group without losing membership in their current groups, while the "-G" option specifies the group for the addition. It is crucial that these two options are always used together.
The group "sudo" is included with the aforementioned options; although "sudo" is used here, it can be replaced with any other group. 
The term "username" refers to the user account that is to be added to the sudo group.

So, if you have an existing system user called “master”, you can add it to sudoers by running this command:

# usermod -aG sudo master

Congratulations! You’ve learned how to add user to Sudoers in Debian 12

That’s it all! You can log in to your server as “master” and run sudo commands now.

Congratulation! You have learned how to add user to sudoers. Please note that it is important and crucial to restrict sudo privileges to reduce potential security vulnerabilities. It is also important to assign permissions that are strictly required for specific tasks while steering clear of broad access whenever feasible. Implement command aliases to define permitted commands and utilize user aliases to categorize permissions based on roles rather than individuals, thereby promoting a more scalable and manageable system.

Of course, if you are one of our Debian Hosting customers, you don’t have to add user to sudoers on your Debian server – simply ask our admins, sit back, and relax. Our admins will help you add user to sudoer immediately upon request. Our experienced system administrators are available 24×7 and will take care of your request immediately, and all you need to do is to submit a ticket.

If you liked this post about how to add user to sudoers on Debian 12, please share it with your friends on the social networks using the share buttons below, or simply leave a comment in the comments section. Thanks.

Leave a Comment