Kenno’s OpenNote

HOWTO add user to sudoers list in Debian/Ubuntu

Posted in Debian, Tips by kenno on January 27, 2009

You need root access to do this, so the first step is to become root and then open the sudoers file with visudo:

ken@debian:~$ su
Password:
debian:/home/ken# visudo

Now you can add a username to the list. For example:

ken ALL=(ALL) ALL

Save the file to complete the process.

Credit: Ubuntu Forum


7 Responses


  1. miksuh said, on January 27, 2009 at 11:17 pm

    I don’t recommend you to do that, only if you REALLY have to. Line “ken ALL=(ALL) ALL” gives ken full root access. “ALL=(ALL) ALL” means that user can run any command on any host as any user, so he has root access. If you do that, ken can run all the same commands root can and he can access all the same files root can. So ken can even wipe out the whole system. Remember also that if you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Now both ken and bob have root access. ken can access bob’s files and bob can access ken’s files. They can even write to files and remove files no matter what access rights you set, because they both have root access. So all privacy is lost.

    And imagine what will happen if you use ken or bob as a regular username for everyday tasks, then your password is leaked to wrong hands…

    Sudo was meant to be used so that you give user access to SOME of the commands which need root access. Sudo was not meant to be used as a full root replacement.

    You can give user access to specific command e.g. this way:

    ken ALL = /usr/bin/apt-get

    Now ken can only use apt-get, he can’t do anything else which needs root access.

    I recommend you to read sudo and sudoers man pages:

    $ man sudo
    $ man sudoers
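An added example, not part of the original post or its comments: a simplified Python check that reads sudoers-style text and lists the users and groups whose rule allows the command ALL, the full-root case described in the comment above, as opposed to a rule limited to a path such as /usr/bin/apt-get. The sample file, the function names, and the one-rule-per-line, no-alias-expansion simplification are assumptions of this example.

```python
import re

# Constructed sample: the two kinds of entry from the page (full grant vs.
# single command) plus lines commonly found in /etc/sudoers.
SAMPLE_SUDOERS = """\
# constructed sample, not a real system's file
Defaults env_reset
root ALL=(ALL) ALL
ken ALL=(ALL) ALL
bob ALL = /usr/bin/apt-get
%admin ALL=(ALL) \\
    ALL
"""

# Lines that configure sudo rather than grant commands.
NOT_A_RULE = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
# "(runas)" lists and tags such as "NOPASSWD:" that precede the commands.
RUNAS_OR_TAG = re.compile(r"\([^)]*\)|\b[A-Z_]+:")


def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments and includes."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "@include")):
            yield line


def unrestricted_grants(text):
    """Return users/groups whose rule allows the command ALL.

    Assumption (simplification): one rule per line, aliases not expanded.
    """
    flagged = []
    for line in logical_lines(text):
        if NOT_A_RULE.match(line) or "=" not in line:
            continue
        who_host, cmnd_part = line.split("=", 1)
        commands = [c.strip() for c in RUNAS_OR_TAG.sub("", cmnd_part).split(",")]
        if "ALL" in commands:
            flagged.append(who_host.split()[0])
    return flagged


if __name__ == "__main__":
    for who in unrestricted_grants(SAMPLE_SUDOERS):
        print(f"{who}: may run any command (full root access)")
```

To audit a real system, pass the function the contents of /etc/sudoers and of each file under /etc/sudoers.d, read as root.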

  2. miksuh said, on January 27, 2009 at 11:20 pm

    A small addition. If you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Then bob can even change ken’s password and then ken can’t even login anymore.

  3. miksuh said, on January 27, 2009 at 11:29 pm

    Well, of course ken does not need to be in /etc/sudoers in that last example

  4. kenno said, on January 28, 2009 at 1:38 am

    Thanks Miksuh. You brought up a very important point. I’ve never considered this ‘loss of privacy’ case as I’ve been a sole user of my Linux box.

    Recently, I’ve successfully convinced my company to run a Linux server internally. I’ll follow your recommendation to read more about sudo/sudoers.

  5. Jordan said, on May 30, 2009 at 12:30 pm

    Very helpful, running a vps myself and want to be able to give access to some people. This will help :)

  6. Richard said, on September 2, 2009 at 5:18 pm

    As a service provider this is quite a nice way of handing the customer a root-capable account, yet keeping the main root password as a fall back. It also encourages them to sudo first rather than using root daily as this is a bit dangerous.

    I realise they could actually change the root password, but keeping root access from the customer isn’t the aim.

    Thanks.

  7. Majed said, on October 14, 2009 at 1:38 pm

    miksuh, you pointed out the 1st pitfall everyone does when using sudoers. Thanks for the enlightenment!

