When you create a new Ubuntu server in the cloud, by default you get the root account. This account has full system access with no restrictions at all and should only be used for administrative tasks. You can always create a new user account with fewer privileges. But there are times when you need extra root privileges to add a new user or change some system setting. You can use the sudo
command to temporarily get extra privileges for a single command. In this recipe, you will see how to grant sudo
privileges to a newly created user.
Follow these steps to get the root privileges with sudo
:
$sudo adduser john
john
a member of sudo
group with the following command:$sudo adduser username sudo
All sudo
access rules are configured in a file located at /etc/sudoers
. This file contains a list of users and groups that are allowed to use the sudo
command:
alan ALL=(ALL:ALL)ALL // allow sudo access to user alan %sudo ALL=(ALL) ALL // allow sudo access to members of sudo
The line alan ALL=(ALL:ALL) ALL
specifies that the user alan
can run any command as any user and optionally set any group (taken from man
pages for sudoers
: man sudoers
).
The entry %sudo ALL=(ALL) ALL
specifies that any member of system group sudo
can run any command as any user.
All we have to do is add a new user to the group sudo
and that user will automatically get sudo
privileges. After getting the membership of the sudo
group, user needs to log out and log back in for the changes to take effect. Basically, the user shell needs to be restarted with new privileges. Optionally, you can always go and change the sudoers
file for a specific condition.
Here, we will discuss how to set a password-less sudo
and some additional benefits of sudo
.
sudo
is a useful and handy tool for temporary root privileges, but you need to enter your password every time. This creates problems especially for users with no password set. This problem can be solved by setting the NOPASSWD
flag in the sudoers
file. Make sure you use the visudo
tool to edit the sudoers
file:
sudoers
file with the visudo
command:$sudo visudo
sudo
access.NOPASSWD
after closing the bracket:%sudo ALL=(ALL:ALL) NOPASSWD: ALL
visudo
.Now, the users of the group sudo
should be able to use the sudo
command without providing a password. Alternatively, you can add a separate entry to limit password-less access to a specific user.
Note that the sudoers
program performs cache authentication for a small time (default is 15 minutes). When repeated within timeout, you may notice password-less sudo
without setting the NOPASSWD
flag.
In addition to running a single command with sudo
, you might want to execute a list of commands with the sudo
privileges. Then, you can open a shell with root access (# prompt
) with the command $sudo -s
. The shell environment remains same as original user, but now you can execute commands as a root user.
Alternatively, you can switch user to root with the command $sudo su -
. This command will open a new shell as a root user.