We select and review products independently. When you purchase through our links we may earn a commission.

Learn more.

How-To Geek

Linux

How to Add a User to the sudoers File in

Linux
DAVE MCKAY
OCT 30, 2022, 12:00 PM EST
| 5 MIN READ

fatmawati achmad zaenuri/Shutterstock.com

Key Takeaway

If you're being told a user "is not in the sudoers file," you can
add a sudo user with the usermod command. To control
what a user can do with sudo, edit the sudoers file with
visudo.

If a sudo command on Linux gets you a message that a user

“is not in the sudoers file,” you’ll need to get on the “sudoers”
list. We’ll walk through adding a user to sudoers in Ubuntu and
other Linux distributions as well as editing the sudoers file.

Table of Contents

Why Do I Need to Be Added to the sudoers File?

How to Open the sudoers File

Add a sudo User in Ubuntu and Other Linux Distros

Limit sudo Privileges by Editing the sudoers File

Whosoever Holds This Command

Why Do I Need to Be Added to the

sudoers File?

In Linux installations, the root user is the most highly-

privileged user. They can perform any administrative task,
access any file regardless of actually owns it, and they can
create, manipulate, and even remove other users.

This level of power is dangerous. If root makes a mistake, the

results can be catastrophic. They have the ability to mount and
unmount file systems, and to over-write them entirely. A much
safer way to work is to never log in as root.

Nominated users
RELATED
can use sudo to
8 Ways to Tweak and
temporarily gain
Configure Sudo on
administrative Ubuntu
powers, perform
the action that is required, and then return to their normal,
unprivileged state. This is safer because you consciously
invoke your higher powers when you need them, and while
you’re focused on doing whatever it is that requires them.

The sudo command is the Linux equivalent of shouting

“Shazam.” When the scary stuff is over, you abandon your
superpowered alter-ego and go back to your normal humdrum
self.

Logging in as root is turned off by default on most modern

distributions, but it can be reinstated. Using the root account
for day-to-day work is inadvisable. Mistakes that would
ordinarily impact a single user or that would be blocked
altogether because of insufficient privileges, can run
unhindered if root issues them.

Modern Linux distributions grant sudo privileges to the user

account that’s created during the installation or post-
installation configuration steps. If anyone else tries to use
sudo , they’ll see a warning message like this:

mary is not in the sudoers file. This incident will

That seems plain enough. Our user mary can’t use sudo
because she isn’t “in the sudoers file.” So let’s see how we can
add her, making her a sudo user.

RELATED: How to Control sudo Access on Linux

How to Open the sudoers File

Before we can add a sudo user we need to work with the

sudoers file. This lists the user groups of the users who can
use sudo. If we need to make amendments to the file, we must
edit it.
The sudoers file must be opened using the visudo command.
This locks the sudoers file and prevents two people trying to
make changes at the same time. It also performs some sanity
checks before saving your edits, ensuring they parse correctly
and are syntactically sound.

Note that visudo isn’t an editor, it launches one of your

available editors. On Ubuntu 22.04, Fedora 37, and Manjaro 21,
visudo launched nano. That might not be the case on your
computer.

If we want to give someone access to full sudo privileges, we

only need to reference some information from the sudoers file.
If we want to be more granular and give our user some of the
capabilities of root, we need to edit the file and save the
changes.

Either way, we need to use visudo.

RELATED: How to Exit the Vi or Vim Editor

Add a sudo User in Ubuntu and

Other Linux Distros

We’ve got two users who need access to root privileges in

order to carry out their job roles, so we’ll add them to sudoers.
They are Tom and Mary. Mary needs to have access to
everything root can do. Tom only needs to install applications.

Let’s add Mary to the sudoers’ group first. We can do this on

Ubuntu and most other Linux distributions the same way, by
starting visudo.

sudo visudo
Scroll down in the editor until you see the “User Privilege
Specification” section. Look for a comment that says
something similar to “Allow members of this group to execute
any command.”

We’re told that members of the sudo group can execute any
command. All we need to know in Mary’s case is the name of
that group. It isn’t always sudo ; it might be wheel or something
else. Now that we know the name of the group, we can close
the editor and add Mary to that group.

We’re using the

RELATED
usermod
How to Change User
command with the
Data With chfn and
-a (append) and - usermod on Linux
G (group name)
options to add users to sudoers. The -G option allows us to
name the group we’d like to add the user to, and the -a option
tells usermod to add the new group to the list of existing
groups this user is already in.
If you don’t use the -a option, the only group your user will be
in is the newly added group. Double-check, and make sure
you’ve included the -a option.

sudo usermod -aG sudo mary

The next time Mary logs in, she’ll have access to sudo. We’ve
logged her in and we’re trying to edit the file system table file,
“/etc/fstab.” This is a file that is out of bounds to everyone
but root.

sudo nano /etc/fstab

The nano editor opens up with the “/etc/fstab” file loaded.

Without sudo privileges, you’d only be able to open this as a

read-only file. Mary no longer has those restrictions. She can
save any changes she makes.

Close the editor and don’t save any changes you may have
made.

Limit sudo Privileges by Editing the

sudoers File

Our other user, Tom, is going to be granted permission to

install software, but he isn’t going to receive all of the
privileges that were awarded to Mary. We can make Tom a
sudo user without giving him every privilege.

We need to edit the sudoers file.

sudo visudo

Scroll down in the editor until you see the “User Privilege
Specification” section. Look for a comment that says
something similar to “Allow the members of this group to
execute any command.” It’s the same point in the file where we
found the name of the group we needed to add Mary to.

Add these lines below that section.

# user tom can install software

tom ALL=(root) /usr/bin/apt

The first line is a simple comment. Note that there is a Tab
between the user name “tom” and the word “All.”

This is what the items on the line mean.

tom: The name of the user’s default group. Usually this is

the same as the name of their user account.

ALL=: This rule applies to all hosts on this network.

(root): Members of the “tom” group—that is, user Tom—can

assume root privileges, for the listed commands.

/usr/bin/apt: This is the only command user Tom can run

as root.

We’ve specified the apt package manager here because this

computer uses Ubuntu Linux. You’d need to replace this with
the appropriate command if you’re using a different
distribution.

Let’s log Tom in and see if we get the expected behavior. We’ll
try to edit the “/etc/fstab” file.

sudo nano /etc/fstab

That command is rejected, and we’re told that “user tom isn’t
allowed to execute ‘/usr/bin/nano /etc/fstab’ as root …”

That’s what we wanted. User Tom is only supposed to be able

to use the apt package manager. Let’s make sure they can do
that.

sudo apt install neofetch

The command is successfully executed for Tom.

Whosoever Holds This Command

If all your users can use sudo, you’ll have chaos on your hands.
But it is worth promoting other users to the sudoers list so
they can share your administrative burden. Just make sure
they’re worthy, and keep an eye on them.
Even if you’re the only user on your computer, it’s worth
considering creating another user account and adding it as
a sudo user. That way, if you ever find yourself locked out of
your main account, you have another account you can log in
with to try to remedy the situation.

RELATED: How to Review sudo Command Usage on Linux

DAVE MCKAY
Dave McKay first used computers when
punched paper tape was in vogue, and he has
been programming ever since. After over 30
years in the IT industry, he is now a full-time
technology journalist. During his career, he has worked as a
freelance programmer, manager of an international software
development team, an IT services project manager, and, most
recently, as a Data Protection Officer. His writing has been
published by  howtogeek.com, cloudsavvyit.com,
itenterpriser.com, and opensource.com. Dave is a Linux
evangelist and open source advocate. READ FULL BIO »

How-To Geek is where you turn when you want experts to explain technology. Since we
launched in 2006, our articles have been read more than 1 billion times. Want to know
more?