Ubuntu Server: Adding Users to the Sudoers List
If you have ever ran an Ubuntu Server installation, you may be familiar with the /usr/sbin/visudo file, which lists everyone with super-user permissions on the system. The only user that is in the file with ALL permissions by default is root, which, by default, isn’t even accessible directly in current Ubuntu versions. Though the root user can be assigned a password so that logging in as root is possible, no one would recommend it – or at least no one that I have seen.
When you install Ubuntu Server, you create an initial user. This user is automatically placed in the sudoers group, which means this user can perform actions as the root user by using the command sudo su and providing their password. Perhaps you’ve wanted to create an additional user and add them to the list of sudoers so that, like your initial user, they can use the sudo command. Well, it only takes two commands to do this.
First, you create the user using the adduser command:
sudo adduser <username>
At this point, some tutorials online explain how to add this user to the /usr/sbin/visudo file with the same permissions as the root user. If you do this, you will practically be creating a duplicate root user who can do anything on the system. Instead, it’s best to simply add this user to the sudo group:
sudo adduser <username> sudo
If you exit your current terminal session, reopen the terminal and log in as the user you just created, you’ll notice that this user can also perform actions using the sudo command.
You can also check to see that the user is in the sudo group by viewing the groups users:
grep sudo /etc/group
Make sure the user is listed after your initial user and any other users you may have already added.
Similarly, you can remove a user from the group using the deluser command:
sudo deluser <username> sudo
I recommend issuing the grep sudo /etc/group command to ensure the user was removed as well.
Also, take note that the initial user created when installing Ubuntu 12.04 is added to the following groups as well, so if you’re intention is to create a user who is an ‘administrator’ on the machine, it may be wise to add them to all of the following groups.
adm cdrom sudo dip plugdev lpadmin sambashare
To see the list of groups on your server, simply issue the command grep <username> /etc/group , where <username> is the user you initially created during system install. Of course, you can ignore the group with the same name as the user.