Upon the setup of a new Debian system, a default root account is created. The root user has full system access and privileges and can pretty much do anything on the system that a regular user can't. Some of the tasks confined only to the root user include installing, updating, upgrading and deleting software packages, modifying configuration files, starting and stopping system services and performing server shutdown and reboots. The root user is powerful, but extremely dangerous because actions performed cannot be undone. Some commands, if issued, can render the system unusable.
To mitigate this risk, there is a need to add a new regular user and later assign root privileges to the user to perform day-to-day administrative privileges when needed. This is possible by issuing sudo before the command, which will elevate the user's privileges temporarily.
In this guide, we will cover how to create a new user and later on add a user to sudoers group on Debian.
Step 1: Login to your server
To start off, log into your Debian server as root user via SSH
# ssh root@server-IP-address
Step 2: Create a new user account
To create a new user in the Linux system, we are going to use the
adduser command followed by the username
The syntax is shown below:
# adduser username
In our case, we will add a new user called jack.
# adduser jack
This command will prompt you for the new user's password and will later require you to confirm it. Always keep in mind to set a strong password (One with a combination of Uppercase, lowercase, numerical & special characters).
Once the password has been successfully set, the command will prompt you for additional information about the user as shown below. Fill out the details where applicable and finally hit the 'Y' button on the keyboard at the tail end of the prompt to save the changes.
If you wish to leave out all of this information, simply hit
ENTER to accept the defaults.
Information about the new user is stored in the
/etc/password file. Therefore, to view information about the user run
# cat /etc/passwd
Step 3: Add the new user to sudoers group
To add the newly created user to sudoers group, use the usermod command as shown in the syntax below:
# usermod -aG sudo username
In our case, to add user Jack to sudoers group, we will run
# usermod -aG sudo jack
You can verify whether the user added to the sudo group by running the id command.
The following output indicates that the user 'jack' is added in sudo group:
# id jack
uid=1000(jack) gid=1000(jack) groups=1000(jack),27(sudo)
You can also use gpasswd command to add a user to sudo group.
In the following example I have added the user 'johnny' to sudo group using gpasswd:
# gpasswd -a johnny sudo Adding user johnny to group sudo
Note: If you are getting 'sudo: command not found' message, install sudo package using apt-get:
$ apt-get install sudo
Step 4: Testing the user with sudo
The final step is confirming if the new user has sudo privileges.
Switch to the new user as shown
# su - jack
Now, invoke the sudo command followed by any command. in this case, we will run the whoami command.
$ sudo whoami
This will be followed by a list of a few points you should bear in mind working as a root user.
You will then be prompted for the user's password and thereafter, the command will be executed.
If you want to switch back to root user you can run
sudo -i command but you have to provide root password:
$ sudo -i
In this guide, you learned how to add a user to sudoers group. As good practice, it is normally recommended to use a regular user in a server system instead of logging in as root. This avoids the likelihood of making a mistake as root user and causing irreversible damage to the server.
Your feedback is most welcome.