The Ubuntu Desktop or Server is installed with default root user; even on a cloud, you will get preinstalled Ubuntu server with an inbuilt root
user. This account has full administrative access to perform administrative tasks. But sometimes, you need a different user account with root
privileges or may be fewer privileges access. The user can use the sudo
command with any command to get extra privileges.
This tutorial shows how to grant or provide sudo
privileges to a newly created user.
Getting ready
You will need a root account or an account with root privileges.
How to do it…
Follow these steps to get the root privileges with sudo
:
Add new user if required:
$ sudo adduser john
Make john
a member of sudo
group with the following command:
$ sudo adduser username sudo
How it works…
All sudo
access rules are configured in a file located at /etc/sudoers
. This file contains a list of users and groups that are allowed to use the sudo
command:
/etc/sudoers
alan ALL=(ALL:ALL)ALL // allow sudo access to user alan%sudo ALL=(ALL) ALL // allow sudo access to members of sudo
The line "satish ALL=(ALL:ALL) ALL"
defines the user “satish” with sudo
privileges, which means new user satish can run any command like any other user.
The line %sudo ALL=(ALL) ALL
defines that any member of system’s group sudo can run any command as any user.
We have to add a new user to the group sudo, and that user will automatically get sudo
privileges. After getting the sudo group membership, the user needs to log out and log back in for the changes to take effect. To effect new privileges for the user need to be restart the shell. Optionally, you have always option to go and change the sudoers file as per requirements and specific condition.
Note:
Make sure that you use the visudo
tool to make any changes to sudoers
file.
Here, we will show you how to set a password-less sudo
access and some extra benefits of sudo
.
Setting password less sudo Privileges
sudo
is very simple and useful to use temporary root
privileges, but the only thing is you need to enter the password whenever you use sudo
. This will create a problem for users who are set with no password. But you can solve this problem by setting the NOPASSWD
flag in the setting using the sudoers
file.
Open the sudoers
file with the visudo
command:
$sudo visudo
Select the line for user or group you want to allow password-less sudo
access.
Add NOPASSWD
after closing the bracket:
/etc/sudoers
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
Press Ctrl + O and then confirm with the Enter key to save the changes.
Press Ctrl + X to exit visudo
.
After doing the above configuration, a user of the group sudo can use the sudo command without entering a password. You can also use a similar setting to a specific user for providing password-less access.
The sudoers program use cache authentication for small-time generally, it is for 15 minutes. When reusing the authentication within timeout, you will notice the terminal will not ask password again, and it works like password-less sudo without setting the NO PASSWORD flag.
Other uses of sudo
In addition to running a single command with sudo
, you might want to execute a list of commands with the sudo
privileges. Then, you can open a shell with root access (# prompt
) with the command $sudo -s
. The shell environment remains same as original user, but now you can execute commands as a root user.
Alternatively, you can switch user to root with the command $sudo su -
. This command will open a new shell as a root user.
0 Comments