How to Add a User to Sudoers on Debian

add user sudoers debian

Upon the setup of a new Debian system, a default root account is created. The root user has full system access and privileges and can pretty much do anything on the system that a regular user can't. Some of the tasks confined only to the root user include installing, updating, upgrading and deleting software packages, modifying configuration files, starting and stopping system services and performing server shutdown and reboots. The root user is powerful, but extremely dangerous because actions performed cannot be undone. Some commands, if issued, can render the system unusable.

To mitigate this risk, there is a need to add a new regular user and later assign root privileges to the user to perform day-to-day administrative privileges when needed. This is possible by issuing sudo before the command, which will elevate the user's privileges temporarily.

In this guide, we will cover how to create a new user and later on add a user to sudoers group on Debian.

Step 1: Login to your server

To start off,  log into your Debian server as root user  via SSH

# ssh root@server-IP-address

Step 2: Create a new user account

To create a new user in the Linux system, we are going to use the adduser command followed by the username

The syntax is shown below:

# adduser  username

In our case, we will add a new user called jack.

#  adduser jack

This command will prompt you for the new user's password and will later require you to confirm it. Always keep in mind to set a strong password (One with a combination of Uppercase, lowercase, numerical  & special characters).

Sample output

add a new user on Debian 10

Once the password has been successfully set, the command will prompt you for additional information about the user as shown below. Fill out the details where applicable and finally hit the 'Y' button on the keyboard at the tail end of the prompt to save the changes.

If you wish to leave out all of this information, simply hit ENTER to accept the defaults.

adduser prompts for user information

Information about the new user is stored in the /etc/password file. Therefore, to view information about the user run

# cat /etc/passwd

Step 3: Add the new user to sudoers group

To add the newly created user to sudoers group, use the usermod command as shown in the syntax below:

# usermod -aG sudo username

In our case, to add user Jack to sudoers group, we will run

# usermod -aG sudo jack

You can verify whether the user added to the sudo group by running the id command.

The following output indicates that the user 'jack' is added in sudo group:

# id jack
uid=1000(jack) gid=1000(jack) groups=1000(jack),27(sudo)

You can also use gpasswd command to add a user to sudo group.

In the following example I have added the user 'johnny' to sudo group using gpasswd:

# gpasswd -a johnny sudo
Adding user johnny to group sudo

Note:  If you are getting 'sudo: command not found' message, install sudo package using apt-get:

$ apt-get install sudo

Step 4: Testing the user with sudo

The final step is confirming if the new user has sudo privileges.

Switch to the new user as shown

# su - jack

Now, invoke the sudo command followed by any command. in this case, we will run the whoami command.

$ sudo whoami

This will be followed by a list of a few points you should bear in mind working as a root user.

You will then be prompted for the user's password and thereafter, the command will be executed.

Sample output

add a user to sudoers group

If you want to switch back to root user you can run sudo -i command but you have to provide root password:

$ sudo -i

Closing thoughts

In this guide, you learned how to add a user to sudoers group. As good practice, it is normally recommended to use a regular user in a server system instead of logging in as root. This avoids the likelihood of making a mistake as root user and causing irreversible damage to the server.

Your feedback is most welcome.

7 Comments... add one

  1. If you get an error about SUDO then you need to apt install sudo

    For some reason with Debian 10.0 lacks this by default.


Leave a Comment