sudo is one of the most commonly used command in Linux systems. It allows a user to run a particular program as another user, who, by default, is the super user.
It is mostly used for administrative purposes; providing limited admin access to non administrative users on a Linux PC.
For example, by default, a user is not allowed to install packages on an Ubuntu system. However, the user can do so with
Non-root user without sudo cannot install a program. See an example failed attempt below:
apt-get install aptitude E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied) E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
A non-root user with sudo can install programs on the system without any issues.
sudo apt-get install aptitude Reading package lists... Done Building dependency tree ....
Add existing user as a Sudo user
If a user is not part of the
sudo user group, it’ll will not be able to use the
sudo command. It will throw below output:
testuser is not in the sudoers file. This incident will be reported.
To add a user to sudoers list, use the
usermod command to add an existing user to the
sudo group on the system. Below is an example command.
sudo usermod -aG sudo testuser
-a option means ‘append’. It makes sure existing groups’ membership of the user is not affected.
-G <group_name> is for specifying which group to add the user to.
Once a user is added to the sudo group, the following message is displayed in terminal the next time this user logs in on the system.
To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
Create a new user with Sudo privileges
adduser is the Linux command used to create a new user. It can be used with
--ingroup to add the user to group sudo during creation.
sudo adduser testuser --ingroup=sudo
Restrict which commands should be allowed with sudo
/etc/sudoers contains configuration options for
sudo command. This file is write protected directly, even for root. The only way to edit this file is using the
The above command will open the file using the nano command line editor. Scroll and find the lines below in the file.
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
ALL in the line can be replaced with the only command, or set of commands which should be allowed with sudo.
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) /bin/mv, /usr/sbin/visudo
Important Note: The suggested changes in the sudoers file above will restrict sudo users to only be able to execute commands
visudo. This is for explanatory purpose only, you don’t have to force these restrictions to sudo users on your system.
If you made any changes to the sudoers file using the instructions shared above, then make sure to save the file using
Ctrl + O for the changes to be applied. You can then exit nano using
Ctrl + X.
For the changes to take place, you may have to login/logout, or restart the system, or launch a new terminal window.