Software & Apps Linux How to Use Ubuntu to Add a User to Sudoers Add and remove admin-level permissions using the GUI or the shell by Gary Newell Writer Gary Newell was a freelance contributor, application developer, and software tester with 20+ years in IT, working on Linux, UNIX, and Windows. our editorial process Gary Newell Updated on September 21, 2020 Linux Switching from Windows Tweet Share Email The sudo command elevates your permissions for a single Linux command. You can use sudo to run a command of any other user, although it is commonly used to run a command as the root user. Sudo and the Sudoers List It's bad security practice to allow all user accounts on a system to enjoy administrator-level credentials because administrators install and uninstall software and change key system settings. To see the sudo command in use, open a terminal window and run the following command: apt-get install cowsay This returns a fairly cryptic message: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)E: Unable to lock the administration directory (/var/lib/dpkg/), are you root? Now, try the same command again. This time, though, put sudo in front of it, as follows: sudo apt-get install cowsay Enter your password, after which the cowsay application installs. Cowsay is a small novelty application for the shell that prompts you to enter a message, which is spoken as a speech bubble by an ASCII-drawn cow. When you first installed Ubuntu you were automatically set up as an administrator and therefore automatically added to what is known as the sudoers list. The sudoers list contains the names of all the accounts that are entitled to use the sudo command. The brilliance of sudo is that, if you walk away from your computer without locking it and another person wanders up to your machine, they can't run administrator commands on the computer because they need your password. What Happens If You Don't Have Sudo Permissions? When somebody who isn't in the sudoers list tries to run a command with sudo, they receive this message: User is not in the sudoers file. This incident will be reported. If a user account does not have permission to install software or perform any other command which requires administrator privileges, then the command is rejected and the incident is logged to a special file for later review by administrators. Do Sudo Permissions Only Affect the Command Line? The sudo privileges do not just affect command line actions. Everything in Ubuntu is governed by the same security protocols. Thus, installing an application from Ubuntu Software Center requires the same security access as installing that application from a shell session. In a graphical environment, the desktop environment raises a dialog box prompting for appropriate credentials. To add or remove sudo permissions: Open the Users tool and click the Unlock button. Click Add User. In the window that pops up, select the Administrator account type. Complete the name and username boxes, and configure a password setting. Click Add when you're done. To remove sudo access, modify the user account by changing its type to Standard. To add a sudo users within a shell session: Launch a shell session through an account that already enjoys sudo access. Execute the following command to add an existing account to the sudoers file: sudo usermod -a -G sudo <username> To remove a user account's sudo permissions, execute: sudo deluser <username> sudo For a deeper dive into account usergroups, explore the gpasswd utility. How to Find out Who Tried to Use sudo Without Permission When someone tries to run a sudo command without sudo permissions, the error message states that the attempt will be logged. In Ubuntu and other Debian-based systems, the errors are sent to /var/log/auth.log. On other systems such as Fedora and CentOS, the errors are logged to /var/log/secure. In Ubuntu, view the error log by typing one of the following commands: cat /var/log/auth.log | moretail /var/log/auth.log | more The cat command shows the whole file to the screen and the more command displays the output a page at a time. The tail command shows the last few lines of the file.