Adding, Deleting and Granting Sudo Privileges for Users in Ubuntu 22.04 LTS

Este post também está disponível em: Português (Portuguese (Brazil))

This tutorial explains how to add, delete and grant sudo privileges to users on the Ubuntu Linux operating system. The guide is officially tested on Ubuntu 22.04 and 20.04 LTS editions.

Before getting into the topic, let’s see what sudo is and its benefits.

1. What is sudo?

In Linux and Unix operating systems, there is a special user called – root. The root user can do anything and everything on a Linux or Unix system.

Using the root user for day-to-day activities can be dangerous and is not recommended. One wrong command can destroy the entire system! That’s where “sudo” comes in.

Sudo allows authorized users to perform tasks with root-level privileges, even if they do not know the root user’s password.

This is why it is important to create a regular user and add it to the sudo user group to perform administrative tasks. Therefore, this user can act as both a regular user and an administrative user when executing commands prefixed with sudo.

2. Benefits of being sudo

You don’t need to share the root password with other users.

Users do not need to know the root user password to perform administrative tasks.

When performing an administrative task, users will be prompted for the sudo password before any changes can occur to the system. It should make users think about the consequences of what they are doing.

Administrator rights can be easily granted to users and revoked at any time if they are no longer needed.

Some Linux distributions, for example Ubuntu, disable the root user by default, so there is no way to launch brute force attacks on the root user. Even if someone tried, it would be useless because there is no root password to crack.

More importantly, the sudo session will exit after a short while. If you left the terminal open after running some commands with sudo permission, authentication automatically expires. Therefore, other users cannot perform other administrative tasks. By default, the sudo password is remembered for 15 minutes in the current session. After that, you need to enter the password again.

You can monitor the command line activity of sudo users. sudo adds a log entry of commands executed by users to the /var/log/auth.log file. If there is a problem, you can look at these commands and try to figure out what went wrong.

These are some advantages of being a sudo user. Now, let’s see how to add, delete and grant Sudo privileges to users in Ubuntu Linux.

Add new user in Ubuntu Linux

First, let’s create a common user, e.g. “helpsysadmin” .

Execute

sudo adduser helpsysadmin

Replace helpsysadmin with whatever username you want.

Inform your password

example output:

Adding user helpsysadmin' ... Adding new grouphelpsysadmin' (1001) …
Adding new user helpsysadmin' (1000) with grouphelpsysadmin' …
Creating home directory /home/helpsysadmin' ... Copying files from/etc/skel' …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for helpsysadmin
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y


We just created a new user called “helpsysadmin”. This user has not yet been granted sudo access, so he cannot perform any administrative tasks.

You can check whether a user has sudo access or not with the command below

sudo -l -U helpsysadmin

you will see:

User helpsysadmin is not allowed to run sudo on server

Grant Sudo Privileges to Users in Ubuntu Linux

Add the newly created user to the sudo group using the following command:

usermod -aG sudo helpsysadmin

To test the new permissions sudo are in operation, first use the command su To switch to the new user account:

su - helpsysadmin

As the new user, make sure you can use sudo by placing sudo before the command you want to run with superuser privileges. example

sudo apt update
sudo apt upgrade

A regular user would not be allowed to execute the above commands

The first time you use sudo in a session, you will be prompted for that user’s account password. Enter password to continue:

Output:
[sudo] password for helpsysadmin:

If the user is in the correct group and you enter the password correctly, the command you issued with sudo will be executed with root privileges.