How to Add a User to Sudoers on Debian 11 or 10

Debian is a popular operating system widely used for servers and desktops. If you’re running a Debian server, it’s essential to have administrative privileges to carry out tasks like installing software, configuring services, and managing files. In this guide, we’ll show you how to add a user to the sudoers list on Debian, giving them the ability to run commands with superuser privileges.

What is sudo?

The sudoers file on Debian controls who can run commands with superuser privileges. By default, only the root user has these privileges, but you can add other users to the sudoers list so that they can perform administrative tasks. Adding a user to the sudoers list is essential when setting up a new Debian server, especially if multiple people need to access it.

Prerequisites

Before proceeding, you must have a Debian Linux machine with root access. Additionally, you must create a new user on the machine you want to add to the sudoers file.

Install sudo package

To reinstate the sudoers file if it has been removed or is missing, it is necessary to reinstall the package using the following command.

sudo apt install sudo

Change to Root Account

To add a new user with sudo privileges on Debian, it is necessary to log in to the Debian root account. The root account was created during the initial installation of Debian and required a password for access. This password was set by you during the installation process and will be needed to add a new sudo user. It is essential to keep the root password secure and to only use it when necessary, such as when adding new sudo users.

su

Upon entering the root password, the system will prompt for confirmation. Upon successful verification of the password, the displayed username will change to “root,” indicating that you are now logged in as the root user.

Example output of root account:

root@debian:/home/joshua# 

Create a User Account

Adding a new user with sudo privileges to a Debian system begins with creating the user account. While granting administrative privileges to an existing user account is possible, this tutorial will focus on the steps to create a new account from scratch.

A new user account must be created using the following command, replacing “example username” with the desired username.

sudo adduser <example username>

Example with my name:

sudo adduser josh

After executing the previous command and pressing enter, the system will prompt the creation of a password for the new user account. Using a strong password that includes a combination of uppercase and lowercase letters, symbols, numeric values, and special characters is important. This will ensure the security of the new user account and prevent unauthorized access, especially considering that the account has been granted sudo privileges.

It is also recommended to follow established password policies and to frequently change the password to maintain the highest level of security.

Example of the prompt:

Upon successfully setting the password for the new user, the system will prompt for additional information about the user, such as the full name, contact information, and other details. While these details are optional, providing as much information as possible is recommended to represent the user within the system accurately.

If you prefer not to provide additional information, you can press the enter key to skip this step and proceed with the next. It is important to remember that the information provided will be used for identification purposes and to represent the user within the system accurately.

Example of the prompt:

Upon completing the previous step, type “Y” and press the enter key to proceed. The following command can be executed to confirm that the new user has been added to the system.

cat /etc/passwd

This command will display the list of all users on the system, including the recently added user. If the new user is listed in the output, it confirms that the user has been successfully added to the system. It is important to ensure that the user has been added correctly to prevent any future issues with authentication or authorization.

Example output:

It’s important to note that the information regarding new and existing users on the system is stored in the file located at /etc/passwd. This file references user information, including the user name, user ID, group ID, home directory, and shell. This information can be used for various purposes, such as authentication, authorization, and system administration tasks. It is recommended to keep this file updated and accurate for seamless system management.

Add New User To Sudoers Group

In the next section, having learned how to add a user to the system, you will now learn how to grant the newly added or existing user sudo privileges. To do this, execute the following command:

sudo usermod -aG sudo <example username>

Example with my name:

sudo usermod -aG sudo josh

It’s always a good practice to verify if the user was successfully added to the sudoers group. This can be done by executing the id command as follows.

id <username>

Replace <username> with the name of the user you want to verify. This command will display information about the user, including their user ID, group ID, and supplementary groups if any. If the sudo group is listed, it means the user has been successfully granted sudo privileges.

Example with my name:

id josh

Example output:

uid=1001(josh) gid=1001(josh) groups=1001(josh),27(sudo)

Alternatively, you can also use the gpasswd command in the following manner.

gpasswd -a <example username> sudo

Replace <username> with the name of the user you want to add to the sudoers group. This command will add the user to the sudo group, granting them sudo privileges.

Example with my name:

gpasswd -a joshua sudo

Example output:

adding joshua to group sudo

Confirm New Sudo User

After adding the desired user to the sudoers group, it’s time to test the account. You can do this by using the su command, followed by the username, like this:

su <example username>

Replace <username> with the name of the user to that you have given sudo access. This will switch the user to the newly created or existing user account, allowing you to test the account’s sudo privileges.

Example with my name:

su josh

Verify the username by executing the following command: “sudo whoami.”

sudo whoami

You will be asked to enter the password for the sudo user you are using. After entering the correct sudo username and password, you should receive a confirmation message indicating that the user has been granted sudo privileges and can perform administrative tasks on the system.

root

Congratulations, you have successfully added a new user to the sudoers group and granted them elevated privileges on Debian.

Conclusion

In conclusion, adding a new user to the sudoers group on Debian is a simple process involving creating the user account, setting the password, and granting sudo access to the user access. The steps involved include logging into the Debian root account, creating the user account, selecting the password, adding the user to the sudoers group, and confirming the user’s sudo access. The process can be done using the usermod or gpasswd commands, followed by a test of the new user account with the sudo command. Following these steps, you can effectively add a new user to the sudoers group on Debian, giving them the necessary permissions to execute commands with elevated privileges.

Frequently Asked Questions