Software & Apps Linux How to Use Ubuntu to Add a User to Sudoers Add and remove admin-level permissions using the GUI or the shell By Gary Newell Writer Gary Newell was a freelance contributor, application developer, and software tester with 20+ years in IT, working on Linux, UNIX, and Windows. our editorial process Gary Newell Updated February 07, 2020 Linux Switching from Windows Tweet Share Email The sudo command elevates your permissions for a single Linux command. Use sudo to run a command of any other user, although it is commonly used to run a command as the root user. 01 of 05 What Is Sudo and What Is the Sudoers List? It's bad security practice to allow all user accounts on a system to enjoy administrator-level credentials because administrators install and uninstall software and change key system settings. To show you an example of the sudo command in use, open a terminal window and run the following command: apt-get install cowsay A fairly cryptic message will be returned: E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)E: Unable to lock the administration directory (/var/lib/dpkg/), are you root? Now try the same command again but this time put the word sudo in front of it as follows: sudo apt-get install cowsay Enter your password, after which the cowsay application installs. Cowsay is a small novelty application for the shell that prompts you to enter a message, which is spoken as a speech bubble by an ASCII-drawn cow. When you first installed Ubuntu you were automatically set up as an administrator and therefore automatically added to what is known as the sudoers list. The sudoers list contains the names of all the accounts that are entitled to use the sudo command. The brilliance of sudo is that if you walk away from your computer without locking it first and another person wanders up to your machine, they can't run administrator commands on the computer because they need your password to run that command. 02 of 05 What Happens If You Don't Have Sudo Permissions? When somebody who isn't in the sudoers list tries to run a command with sudo, they will receive the following message: "User is not in the sudoers file. This incident will be reported." If a user account does not have permission to install software or perform any other command which requires administrator privileges, then the command is rejected and the incident is logged to a special file for later review by administrators. 03 of 05 Do Sudo Permissions Only Affect the Command Line? The sudo privileges do not just affect command line actions. Everything in Ubuntu is governed by the same security protocols. Thus, installing an application from Ubuntu Software Center requires the same security access as installing that application from a shell session. In a graphical environment, the desktop environment raises a dialog box prompting for appropriate credentials. 04 of 05 Adding or Removing Sudo Permissions Within the Desktop Environment Open the Users tool then click the Unlock button. Click Add User. In the window that pops up, select the Administrator account type. Complete the name and username boxes and configure a password setting. Click Add when you're done. To remove sudo access, modify the user account by changing its type to Standard. Within a Shell Session Launch a shell session through an account that already enjoys sudo access. Execute the following command to add an existing account to the sudoers file: sudo usermod -a -G sudo <username> To remove a user account's sudo permissions, execute: sudo deluser <username> sudo For a deeper dive into account usergroups, explore the gpasswd utility. 05 of 05 How to Find out Who Tried to Use 'sudo' Without Permission When someone tries to run a sudo command without sudo permissions, the error message states that the attempt will be logged. Within Ubuntu (and other Debian based systems) the errors are sent to /var/log/auth.log. On other systems such as Fedora and CentOS, the errors are logged to /var/log/secure. In Ubuntu, view the error log by typing one of the following commands: cat /var/log/auth.log | moretail /var/log/auth.log | more The cat command shows the whole file to the screen and the more command displays the output a page at a time. The tail command shows the last few lines of the file.