Sudo is a command that allows a regular system user to run commands that only the superuser (root) can. We use the sudo command when we want to execute commands that only the root user can run as a regular, non-root user. In this article, we will show you how to add a user to sudoers in Debian 13.
Prerequisites
- A server with Debian 13
- SSH root access or a regular system user with sudo privileges
Conventions
# – given commands should be executed with root privileges either directly as a root user or by use of sudo command
$ – given commands should be executed as a regular userIn Debian 13, the sudo package is not installed or configured by default if you choose to set a root password during the installation process. If you opted not to put a root password, sudo is typically installed and ready to be used by the initial user account.
If the sudo package is installed, you will see the /etc/sudoers file in your Debian machine, which is the sudo configuration file. Using that file, we can set user or group privileges to run commands that require root privileges.
Open the sudoers file using the visudo command.
Inside the file, find the following configuration line:
%sudo ALL=(ALL:ALL) ALL
The line above is the configuration that grants access to the sudo group to run all commands.
At this point, we can use the sudo command. However, because we haven’t added the user to the sudo group, the user will still be unable to run the desired command even if they use this command.
For example, we can add a new system user now.
# adduser master
You will be prompted to create a password.
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for master
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]Now, let’s switch to the new user.
# su - masterAfter switching to the new user, we can try running the sudo command
$ sudo topAt this point, the system will prompt you to type that user’s password. Once typed, you will see this output:
[sudo] password for master:
master is not in the sudoers file.
This incident has been reported to the administrator.This means that even if the sudo package is installed, we need the privileges to run the command, and we need to be in the sudoers group. Let’s exit from the new user shell and return to root.
$ exitAs root, we can run this command.
# grep -i sudo /etc/groupThe command will print this message, indicating that the new user is not a sudoer:
sudo:x:27:Therefore, we need to add the user to the sudo group first. To add a user to a group, there are several methods.
Usermod
Usermod is a command-line tool to modify an existing system user. We can use the usermod command like this:
# usermod -aG sudo master- -aG is the command option to add a user to a group
- sudo is the group name
- master is the name of the user to be added to the group
Next, let’s review the contents of the sudo group.
# grep -i sudo /etc/groupThe command will give you an output like this:
sudo:x:27:masterIt means that we have successfully added the new user ‘master’ as a sudoer now.
Gpasswd
As an alternative to usermod, we can use gpasswd. The difference between usermod and gpasswd is that usermod expects the group name first, followed by the username. While the gpasswd command expects the username first, then the group name. For example, to add the user ‘master’ to the sudo group, we can execute this command:
# gpasswd -a master sudoReplace master with the actual system user you want to add to the sudoers group. The -a flag stands for “add.”
Visudo
Another method to add a system user to sudoer is using visudo. Visudo is a command-line tool to edit the /etc/sudoers file. The /etc/sudoers file contains a set of rules that determine which users or groups are granted sudo privileges. We can grant specific access to commands and set particular security policies simply by editing this file. As an alternative to editing the sudoers file through visudo, we can also create a new configuration file in the /etc/sudoers.d directory. The files in this directory will be included in the sudoers file.
We always need to use the visudo command to edit the /etc/sudoers file, and never edit it directly with a text editor. This visudo command will check the file for any syntax errors when saving the changes we make. If there are any errors, we cannot save the changes. Editing the file with a regular text editor can introduce syntax errors that can result in the loss of sudo access.
By default, visudo uses the vim file editor, specified by the EDITOR environment variable. If you want to edit the file with another file editor, for example nano, you can change the variable by executing this command:
EDITOR=nano visudoUser Access Level
When adding a new user or group to the sudoers file, it’s essential to specify the user or group name, the hosts they’re allowed to access, the users who can run commands, and the commands they’re allowed to run. For example, if you want to enable a user to run sudo commands without being prompted for a password, let’s open the /etc/sudoers file:
# visudoScroll down to the end of the file and add the following line:
master ALL=(ALL) NOPASSWD:ALLMake sure to replace “master” with the system user that exists on your Debian 13 machine. And, do not forget to save the file and exit the editor. We can use the NOPASSWD tag to allow executing certain commands without prompting for the user’s password, which can be useful for automation, but this can also increase security vulnerabilities.
If, for some reason, you want the sudoers to run only certain commands through sudo, let’s say to run only the mkdir and rmdir commands, you would use:
master ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdirAs informed earlier, rather than modifying the sudoers file directly through the visudo command, you can achieve the same result by creating a new file with authorization rules in the /etc/sudoers.d directory. Simply add the same rules you included in the sudoers file:
# echo "master ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/masterThis method simplifies the management of sudo privileges. While the file name under the directory /etc/sudoers.d/ itself isn’t crucial, it’s a common convention to name the file after the username.
Conclusion
Congratulation! At this point, you have successfully learned how to add a user to sudoers in Debian 13.
If you are one of our web hosting customers and use our managed Debian Hosting, you don’t have to follow this tutorial and add a user to sudoers in Debian 13 yourself; our Linux admins will do this for you. They are available 24×7 and will take care of your request immediately. Simply submit a ticket.
PS. If you liked this post, please share it with your friends or simply leave a reply below.