Shane Rainville
Posted on

How to Add Users and Groups to Sudo in CentOS and Ubuntu

Overview

In this tutorial, you will learn how to add users and groups to sudoers on Centos and Ubuntu. Sudo is a command found in Unix and Linux operating systems that allows a user to temporarily elevate their privileges, as well as run as another user.

In order for a user to use sudo they must be granted the right to. There are a number of ways to grant users the right, but the one we will look at in this tutorial is by editing the /etc/sudoers file.

Editing the Sudoers List

There are two ways to add users to sudo. The first is to use the Visual Sudo command.

visudo

Alternatively, you can edit the sudoers file directly.

sudo vi /etc/sudoers

Adding a User to Sudo

The syntax for creating a sudoers entry is as follows.

<username | alias>    <host> : [(<user list)] <command list | command alias>

For example, to allow user student1 access to all commands on all hosts, we would create the following entry.

student1     ALL : ALL

To allow student1 access to all commands on all hosts as all other users, the following entry would be created. This effective grants super user rights.

student1     ALL : (ALL) ALL

Adding a Group to Sudo

When you have more than few users to add to sudoers it may start to become cumbersome to mange their permissions individually. To simplify your task we can add users and groups to sudoers.

Granting groups sudoers permissions is the same as users, except a group name must be prefixed with a %. 

%java_students         ALL : (ALL) ALL

We can add users and groups to sudoers on the same line of configuration, however, this could get sloppy. Use only when necessary.

student1, %java_students        ALL : (ALL) ALL

Using User Alias

User aliases allow us to create a predefined group of users, user IDS, group names, group IDS. The alias can then be used to set sudoers permissions, which is useful when you have a list of groups or users that share the same access levels.

The syntax for creating an alias is as follows:

User_Alias ::= <name> = <user or group| user_list or group_list>

Lets add a few users to a User Alias, after which we will set the sudo privileges for the alias. We call the alias students and add students 1 through 3.

User_Alias ::= students = student1, student2, student3

The example of provide add a few users to the alias. You may have a large number of users that need sudo rights, and those users likely belong to a common set of groups.

Creating a User Alias with groups instead of users is very much the same, as we just replace the user names with group names. The difference that you need to be mindful of is a group must be prefixed with ‘%’.

User_Alias ::= students = %java_students, %c_students, %ops_students

To grant the alias sudoers permissions, we do the following

students        ALL : (ALL) ALL

Related Posts: