Many server operations require root privileges and cannot be performed by regular users. Of course, there are good reasons for this (security), but you may want to create a new sudo user in certain scenarios. For example:

  • You want to share server management with another admin without giving away your root password
  • You have created an account to run a specific application and need root temporarily to install it
  • There are users that need specific sudo privileges to perform their work
  • Creating a new user with sudo and disabling logins to the root user often helps to prevent automated login attacks and is generally more secure. Commands are logged and sudo access only lasts for five minutes after authenticating

In Linux, you can give users blanket sudo privilege group or often access to specific sudo commands while denying others. We'll show you how to use both methods across Ubuntu, Debian, and CentOS.

How to add a new user to Sudoers on Ubuntu, Debian, and CentOS

After logging in to your Ubuntu system with a root or sudo-enabled user, you can create a new user and add it to the sudo group. This is the step-by-step process:

  1. Run adduser yourusername in the terminal.
  2. Type a secure and unique password twice to set it.

3. The system will ask you for some information about the user. You can just press enter to skip this if you do not want to provide it. Press y to confirm the information is correct.

4. Now that you have created the user, you can add it to the sudo group using usermod -aG sudo yourusername. This will grant the user full sudo privileges.

5. Test the sudo privileges by logging in with su - yourusername and then adding sudo before a command that requires it.

How to give a user access to specific sudo commands

Giving a user access to some sudo commands but not others requires modifying the sudoers file. Now, it's worth noting that messing up the configuration here could lose you admin access entirely, so it's important to take a few precautions.

Before we start, back up your sudoers file using:

sudo cp /etc/sudoers /etc/sudoers.bak

When editing our file, we'll use visudo rather than a typical text editor. This is because it will check the configuration for syntax errors before allowing you to save.

  1. Work out the command you want to enable and type which <yourcommand> to get its file path.
  2. Run sudo visudo to start editing the sudoers file.
  3. At the end of the config, add a customized version of the following line:
limitedsudouser ALL=(ALL) NOPASSWD: /path/to/command1, /path/to/command2

Note that the NOPASSWD option allows the commands to run without a password prompt, which may be a security risk. You may want to remove it.

4. Save the config by pressing Ctrl + O, followed by Ctrl + X. It will be checked for syntax errors, and you'll be notified if you need to re-edit it.

5. Log in to your target user (su - username ), and try running the command to confirm that it is working and others aren't.

It's worth noting that you can add a user group to sudoers similarly. The syntax would be something like:

%sudo_group ALL=(ALL) /path/to/command1, /path/to/command2