HOWTO add user to sudoers list in Debian/Ubuntu

You need to have root access to do that. So the first step to become root with the following command:

ken@debian:~$ su
Password:
debian:/home/ken# visudo

Now you can add a username to the list. For example:

ken ALL=(ALL) ALL

Save the file to complete the process.

Credit: Ubuntu Forum

About these ads
Tagged , ,

14 thoughts on “HOWTO add user to sudoers list in Debian/Ubuntu

  1. miksuh says:

    I don’t recommend you to do that, only if you REALLY have to. Line “ken ALL=(ALL) ALL” gives ken full root access. “ALL=(ALL) ALL” means that user can run any command on any host as any user, so he has root access,. If you do that ken can run all the same commands root can and he can access all the same files root can. So ken can even wipe out the whole system. Remember also that if you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Now both ken and bob have root access. ken can access bob’s files and bob can access ken’s files. They can even write to files and remove files no matter what access rights you set. because they both have root access. So all privacy is lost.

    And imagine what will happens if you use ken or bob as a regular username for everyday tasks, then your password is leaked to wrong hands…

    Sudo was meant to be used so that you give user access to SOME of the commands which need root access. Sudo was not meant to be used as a full root replacement.

    You can give user access to specific command eg. his way:

    ken ALL = /usr/bin/apt-get

    Now ken can only use apt-get, he can’t do anything else which needs root access,

    I recommend you to read sudo and sudoers man pages:

    $ man sudo
    $ man sudoers

  2. miksuh says:

    A small addition. If you have this in the /etc/sudoers

    ken ALL=(ALL) ALL
    bob ALL=(ALL) ALL

    Then bob can even change ken’s password and then ken can’t even login anymore.

  3. miksuh says:

    Well ofcourse ken does not need to be in /etc/sudoers in that last example

  4. kenno says:

    Thanks Miksuh. You brought up a very important point. I’ve never considered this ‘lost of privacy’ case as I’ve been a sole user of my Linux box.

    Recently, I’ve successfully convinced my company to run a Linux server internally. I’ll follow your recommendation to read more about sudo/sudoers.

  5. Jordan says:

    Very helpful, running a vps myself and want to be able to give access to some people. This will help :)

  6. Richard says:

    As a service provider this is quite a nice way of handing the customer a root-capable account, yet keeping the main root password as a fall back. It also encourages them to sudo first rather than using root daily as this is a bit dangerous.

    I realise they could actually change the root password, but keeping root access from the customer isn’t the aim.

    Thanks.

  7. Majed says:

    miksuh, you pointed out the 1st pitfall everyone does when using sudoers. thanks for the enlightenment !

  8. trock says:

    A good way to grant root access without having it ‘always on’ is adding the entry

    user ALL= /bin/su

    This allows you to execute the command

    $ sudo su

    and enter your password to temporarily become root. Typing ‘exit’ at the shell will return the user to their regular username and status.

    Now, mind you, this will still allow a user complete reign over the system, but hopefully will make them stop and think about what they’re doing first.

  9. Hey there! I work for BeyondTrust. We’ve got a great white paper you can download for free that points out some of the issues/challenges/problems with using Sudo to manage root. Check it out: http://www.beyondtrust.com/WhitePapers/How_Secure_Is_Your_sudo.aspx?section=White-Papers

  10. de says:

    it shows root=(ALL) ALL
    so should add my self there
    example
    Hacker=(ALL) ALL???

  11. Joey says:

    I would rather leave the default /etc/sudoers file as is and add the user you want to give all privs to sudoers group. As root you can: usermod -a -G sudo USERNAME

  12. hey chup my conch maderfaker!!!!

  13. sdifgu says:

    not work , sudo: unknown defaults entry

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: