sudo is one of the most commonly used commands on Linux systems. It allows a user to run a particular program as another user, who, by default, is the superuser.

It is mostly used for administrative purposes: providing limited admin access to non-administrative users on a Linux PC.

For example, by default, a user is not allowed to install packages on an Ubuntu system. However, the user can do so with the sudo command.

Non-root user without sudo cannot install a program. See an example failed attempt below:

apt-get install aptitude
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?

A non-root user with sudo can install programs on the system without any issues.

sudo apt-get install aptitude
Reading package lists... Done
Building dependency tree       
....

Add existing user as a Sudo user

If a user is not part of the sudo user group, they will not be able to use the sudo command. The attempt fails with the output below:

testuser is not in the sudoers file.  This incident will be reported.

To add a user to the sudoers list, use the usermod command to add an existing user to the sudo group on the system. Below is an example command.

sudo usermod -aG sudo testuser

Here the -a option means ‘append’. It makes sure the user's existing group memberships are not affected. -G <group_name> specifies which group to add the user to.

Once a user is added to the sudo group, the following message is displayed in the terminal the next time this user logs in on the system.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

Create a new user with Sudo privileges

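adduser is the Linux command used to create a new user. It can be used with the --ingroup flag to add the user to the sudo group during creation. Note that --ingroup makes sudo the new user's primary group, so files the user creates will be group-owned by sudo.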

sudo adduser testuser --ingroup=sudo

Restrict which commands should be allowed with sudo

The file /etc/sudoers contains the configuration options for the sudo command. This file is read-only by default, even for root, and should be edited only with the visudo command, which locks the file and checks the syntax before saving the changes.

sudo visudo

The above command will open the file using the nano command line editor. Scroll and find the lines below in the file.

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

The last ALL in the line can be replaced with the single command, or comma-separated set of commands, that should be allowed with sudo.

# Allow members of group sudo to execute only mv and visudo
%sudo ALL=(ALL:ALL) /bin/mv, /usr/sbin/visudo

Important Note: The suggested changes in the sudoers file above will restrict sudo users to executing only the commands mv and visudo. This is for explanatory purposes only; you don’t have to enforce these restrictions on the sudo users of your system. Keep in mind that visudo itself edits the sudoers file, so a user who is allowed to run it can change these rules.

If you made any changes to the sudoers file using the instructions shared above, make sure to save the file using Ctrl + O for the changes to be applied. You can then exit nano using Ctrl + X.

For the changes to take effect, you may have to log out and log back in, restart the system, or launch a new terminal window.
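
To review what a sudoers file actually grants after edits like the ones above, the following added example (not part of the original article) prints one line per rule and marks whether it allows any command or only a list. The function names, the sample file contents and the %backup rule are constructed for illustration, and only simple rules of the form shown on this page are understood.

```shell
#!/bin/sh
# Added example (not from the original page): list who may run what via sudo.
# Understands only simple "who host=(runas) commands" rules like the ones
# above; aliases are not expanded and continuation lines are not joined.

audit_sudoers() {
    # $1: path to a sudoers-format file. Prints one line per rule.
    awk '
        NF == 0 || $1 ~ /^#/ { next }                # blank lines, comments, #include, #uid
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings and alias definitions
        $1 ~ /^@include/ { next }                    # include directives
        {
            who = $1
            cmds = $0
            sub(/^[^=]*=[ \t]*/, "", cmds)           # drop "who host="
            sub(/^\([^)]*\)[ \t]*/, "", cmds)        # drop "(runas)"
            sub(/^([A-Z_]+:[ \t]*)+/, "", cmds)      # drop tags such as NOPASSWD:
            sub(/[ \t]+$/, "", cmds)                 # drop trailing whitespace
            if (cmds == "ALL")
                print who " ANY"
            else if (cmds ~ /visudo/)                # visudo edits the rules themselves
                print who " LIMITED (can edit sudoers): " cmds
            else
                print who " LIMITED: " cmds
        }
    ' "$1"
}

write_sample() {
    # Constructed sample input, modelled on the lines shown on this page.
    cat > "$1" <<'EOF'
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute only mv and visudo
%sudo   ALL=(ALL:ALL) /bin/mv, /usr/sbin/visudo
%backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sudoers "$sample"
rm -f "$sample"
```

To audit the live configuration, call audit_sudoers on /etc/sudoers as root; files pulled in through include directives have to be checked separately.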


🍻 Cheers!