Update (7/21/2014):
Do not do this on a production server. It is not a good practice.
You need to have root access to do that. So the first step to become root with the following command:
ken@debian:~$ su
Password:
debian:/home/ken# visudo
Now you can add a username to the list. For example:
ken ALL=(ALL) ALL
Save the file to complete the process.
Credit: Ubuntu Forum
I don’t recommend you to do that, only if you REALLY have to. Line “ken ALL=(ALL) ALL” gives ken full root access. “ALL=(ALL) ALL” means that user can run any command on any host as any user, so he has root access,. If you do that ken can run all the same commands root can and he can access all the same files root can. So ken can even wipe out the whole system. Remember also that if you have this in the /etc/sudoers
ken ALL=(ALL) ALL
bob ALL=(ALL) ALL
Now both ken and bob have root access. ken can access bob’s files and bob can access ken’s files. They can even write to files and remove files no matter what access rights you set. because they both have root access. So all privacy is lost.
And imagine what will happens if you use ken or bob as a regular username for everyday tasks, then your password is leaked to wrong hands…
Sudo was meant to be used so that you give user access to SOME of the commands which need root access. Sudo was not meant to be used as a full root replacement.
You can give user access to specific command eg. his way:
ken ALL = /usr/bin/apt-get
Now ken can only use apt-get, he can’t do anything else which needs root access,
I recommend you to read sudo and sudoers man pages:
$ man sudo
$ man sudoers
A small addition. If you have this in the /etc/sudoers
ken ALL=(ALL) ALL
bob ALL=(ALL) ALL
Then bob can even change ken’s password and then ken can’t even login anymore.
Well ofcourse ken does not need to be in /etc/sudoers in that last example
Thanks Miksuh. You brought up a very important point. I’ve never considered this ‘lost of privacy’ case as I’ve been a sole user of my Linux box.
Recently, I’ve successfully convinced my company to run a Linux server internally. I’ll follow your recommendation to read more about sudo/sudoers.
Very helpful, running a vps myself and want to be able to give access to some people. This will help 🙂
As a service provider this is quite a nice way of handing the customer a root-capable account, yet keeping the main root password as a fall back. It also encourages them to sudo first rather than using root daily as this is a bit dangerous.
I realise they could actually change the root password, but keeping root access from the customer isn’t the aim.
Thanks.
miksuh, you pointed out the 1st pitfall everyone does when using sudoers. thanks for the enlightenment !
A good way to grant root access without having it ‘always on’ is adding the entry
user ALL= /bin/su
This allows you to execute the command
$ sudo su
and enter your password to temporarily become root. Typing ‘exit’ at the shell will return the user to their regular username and status.
Now, mind you, this will still allow a user complete reign over the system, but hopefully will make them stop and think about what they’re doing first.
http://ishant-darklord.blogspot.com/2010/04/how-to-add-user-to-sudoers-list.html
This is 100% working on my ubuntu9.10
Hey there! I work for BeyondTrust. We’ve got a great white paper you can download for free that points out some of the issues/challenges/problems with using Sudo to manage root. Check it out: http://www.beyondtrust.com/WhitePapers/How_Secure_Is_Your_sudo.aspx?section=White-Papers
it shows root=(ALL) ALL
so should add my self there
example
Hacker=(ALL) ALL???
I would rather leave the default /etc/sudoers file as is and add the user you want to give all privs to sudoers group. As root you can: usermod -a -G sudo USERNAME
hey chup my conch maderfaker!!!!
not work , sudo: unknown defaults entry
Sorry but this post should be named “HOW NOT TO ADD USER TO SUDOERS LIST IN DEBIAN/UBUNTU”
I couldn’t agree more. I would not recommend this practice in any production servers. In fact, this was written when my Linux knowledge was at a minimum.
Someday, I’ll re-write a better or improved way of giving privileges access to users. Thanks.