How to Add , Remove and List Users In Sudoers List Linux
Author - Sanjay
Introduction
There is a SuperUser in Linux (and Unix in general) by the name of root. Working as the root user can be extremely risky because they have complete control over everything. If you type a command improperly, the system could be destroyed. By default, the root account password is locked in Ubuntu.
Table of Contents
- Introduction
- Pre-Requisistes
- What is Sudo or Root in Linux ?
- How to Add a New User and Create Home Directory
- How to test whether a user has sudo privileges or not
- How to assign a user sudo privileges
- How to find all sudo users in your system
- How to removesudo privilegesfrom a user (without deleting the user)
- Remove a User from Admin Group Linux
- Conclusion
Pre-Requisistes
A Linux server or a Desktop with root privilages.
What is Sudo or Root in Linux ?
Ubuntu locks the root account password by default. As a result, you are unable to log in as root directly or change your account's root user status using the su command. However, it is still feasible to launch programs with root-level privileges because the root account actually exists. This is where sudo comes in.
It enables allowed users to run specific applications as root without needing to know the root password (often "Administrative" users). This means that when running commands in the terminal that requires root access, you should prepend sudo before each command to run it as root.
For example, to run a command to list files as root execute:
sudo ls -ltrOuptut :-
How to Add a New User and Create Home Directory
Use the -m (--create-home) option to create the user home directory as /home/username:
sudo useradd -m tom
Ouptut :-
How to test whether a user has sudo privileges or not
If you have logged in as sudo user you can check with below command:
sudo -l -U username
Ouptut :-
Or, if you want to check for the logged in user, run blow command:
sudo -v
Ouptut :-
How to assign a user sudo privileges
In Ubuntu, sudo access is by default granted to all members of the group admin. Therefore, adding the user account to the admin group is the simplest option. Execute below command to add user to admin group:
sudo adduser username admin
Ouptut :-
Another way is to add the user to sudo. You can do it by executing below command:
sudo adduser username sudo
Ouptut:-
Now check whether user has got sudo access or not by executing below command:
sudo -l -U tom
Ouptut:-
How to find all sudo users in your system
To see complete list of all sudo users on your system, execute below command:
getent group sudo
Ouptut:-
How to removesudo privilegesfrom a user (without deleting the user)
You can remove an user from sudoers list without deleting the user by executing below command ,
sudo deluser username sudoOuptut:-
Remove a User from Admin Group Linux
Also make sure the user is not part of admin group. Use below command to remove a user from admin group.
sudo deluser tom admin
Ouptut:-
sudo adds a log entry of the command(s) run (in /var/log/auth.log). If you mess up, you can go back and see what commands were run.
Losing the ability to use the sudo command is one of the worst things that can happen to an Ubuntu System administrator, this is referred to as "broken sudo" in most cases. This has the potential to be devastating.
A broken sudo may be caused by any of the following:
• A user should not have been removed from the sudo or admin group.
• To prohibit members of the sudo or admin groups from using the sudo command to elevate their privileges to those of root, the /etc/sudoers file was modified.
• The /etc/sudoers file's permissions are not set to 0440
Conclusion
A crucial feature in Linux that enables users to run commands with elevated rights is the sudo command. Although it occasionally poses a risk, it allows users to do administrative activities without checking in as the root user.
Note:- This article has been written and published by Saurabh Kumar .