Kenno's openNOTE

My Programming Weblog

HOWTO add user to sudoers list in Debian/Ubuntu

with 14 comments

You need to have root access to do that. So the first step to become root with the following command:

ken@debian:~$ su
Password:
debian:/home/ken# visudo

Now you can add a username to the list. For example:

ken ALL=(ALL) ALL

Save the file to complete the process.

Credit: Ubuntu Forum

Written by kenno

January 27, 2009 at 1:26 am

Posted in Debian, Tips

Tagged with , ,

«
»

14 Responses

Subscribe to comments with RSS.

  1. I don’t recommend you to do that, only if you REALLY have to. Line “ken ALL=(ALL) ALL” gives ken full root access. “ALL=(ALL) ALL” means that user can run any command on any host as any user, so he has root access,. If you do that ken can run all the same commands root can and he can access all the same files root can. So ken can even wipe out the whole system. Remember also that if you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Now both ken and bob have root access. ken can access bob’s files and bob can access ken’s files. They can even write to files and remove files no matter what access rights you set. because they both have root access. So all privacy is lost.

    And imagine what will happens if you use ken or bob as a regular username for everyday tasks, then your password is leaked to wrong hands…

    Sudo was meant to be used so that you give user access to SOME of the commands which need root access. Sudo was not meant to be used as a full root replacement.

    You can give user access to specific command eg. his way:

    ken ALL = /usr/bin/apt-get

    Now ken can only use apt-get, he can’t do anything else which needs root access,

    I recommend you to read sudo and sudoers man pages:

    $ man sudo
    $ man sudoers

    miksuh

    January 27, 2009 at 11:17 pm

    Reply

  2. A small addition. If you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Then bob can even change ken’s password and then ken can’t even login anymore.

    miksuh

    January 27, 2009 at 11:20 pm

    Reply

  3. Well ofcourse ken does not need to be in /etc/sudoers in that last example

    miksuh

    January 27, 2009 at 11:29 pm

    Reply

  4. Thanks Miksuh. You brought up a very important point. I’ve never considered this ‘lost of privacy’ case as I’ve been a sole user of my Linux box.

    Recently, I’ve successfully convinced my company to run a Linux server internally. I’ll follow your recommendation to read more about sudo/sudoers.

    kenno

    January 28, 2009 at 1:38 am

    Reply

  5. Very helpful, running a vps myself and want to be able to give access to some people. This will help :)

    Jordan

    May 30, 2009 at 12:30 pm

    Reply

  6. As a service provider this is quite a nice way of handing the customer a root-capable account, yet keeping the main root password as a fall back. It also encourages them to sudo first rather than using root daily as this is a bit dangerous.

    I realise they could actually change the root password, but keeping root access from the customer isn’t the aim.

    Thanks.

    Richard

    September 2, 2009 at 5:18 pm

    Reply

  7. miksuh, you pointed out the 1st pitfall everyone does when using sudoers. thanks for the enlightenment !

    Majed

    October 14, 2009 at 1:38 pm

    Reply

  8. A good way to grant root access without having it ‘always on’ is adding the entry

    user ALL= /bin/su

    This allows you to execute the command

    $ sudo su

    and enter your password to temporarily become root. Typing ‘exit’ at the shell will return the user to their regular username and status.

    Now, mind you, this will still allow a user complete reign over the system, but hopefully will make them stop and think about what they’re doing first.

    trock

    February 8, 2010 at 6:15 pm

    Reply

  10. Hey there! I work for BeyondTrust. We’ve got a great white paper you can download for free that points out some of the issues/challenges/problems with using Sudo to manage root. Check it out: http://www.beyondtrust.com/WhitePapers/How_Secure_Is_Your_sudo.aspx?section=White-Papers

    Kimberly Armstrong

    January 5, 2011 at 11:03 pm

    Reply

  11. it shows root=(ALL) ALL
    so should add my self there
    example
    Hacker=(ALL) ALL???

    de

    August 31, 2011 at 10:15 am

    Reply

  12. I would rather leave the default /etc/sudoers file as is and add the user you want to give all privs to sudoers group. As root you can: usermod -a -G sudo USERNAME

    Joey

    November 20, 2011 at 4:27 pm

    Reply

  13. hey chup my conch maderfaker!!!!

    pedrito el pistolero

    December 15, 2011 at 1:50 pm

    Reply

  14. not work , sudo: unknown defaults entry

    sdifgu

    May 28, 2012 at 5:52 pm

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.