Giving a Linux User sudo Power

There are two ways to do this.

  1. Add the user to a sudoer group
  2. Give the user sudoer powers directly

We will be doing this using the root account.

Common Tasks

The file that holds the crux of this task is /etc/sudoers. Let’s get familiar with it:

[root@amayem ~]# cat /etc/sudoers
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## 
## This file must be edited with the 'visudo' command.
.
.
.

Something similar if not the same should show up. I truncated it to preserve space.

Add the user to a sudoer group

First let’s find out whether we have a group that has sudo powers and what its name is.

What we are looking for in /etc/sudoers is the following line:

## Allows people in group wheel to run all commands
# %wheel    ALL=(ALL)   ALL

Note that in some Linux distros wheel is called admin, in which case just replace wheel with admin in all the following commands. So our sudoer group will be called wheel and we just need to uncomment that line. Notice that at the top of the file it told us that “This file must be edited with the ‘visudo’ command”. visudo locks the file while you edit it and checks the syntax before saving, so a typo cannot leave you with a broken sudoers file. Issue the following command:

[root@amayem ~]# visudo

To jump the cursor to where we want it, type /%wheel, which will search for the first occurrence of that string. If it doesn’t take you there, press n until you reach it. To uncomment, simply delete the leading # in the line by putting the cursor over it and pressing x. Now save the file by typing :x and you are good to go.

We can check that the file has indeed been modified by issuing the following command:

[root@amayem ~]# grep wheel /etc/sudoers
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)   ALL
# %wheel    ALL=(ALL)   NOPASSWD: ALL

Our line is uncommented, so we are good to go. Notice that there is another, commented, line with wheel, which allows the users in that group to use sudo without a password. If you prefer that then simply comment the first line and uncomment the other line. Keep in mind that with NOPASSWD any process running as a wheel member can become root without re-entering a password.

Now let’s add our user to the group. First let’s check what groups our user belongs to.

[root@amayem ~]# groups ahmed
ahmed : ahmed dev

Now we add him to the group:

[root@amayem ~]# usermod -a -G wheel ahmed

The -G flag adds the user ahmed to the group wheel. If we had not added the -a flag, which stands for append, we would have removed the user from all his other groups and only put him in the specified group. Now let’s check that it has worked:

[root@amayem ~]# groups ahmed
ahmed : ahmed wheel dev

Looks good. Move on to testing.

Give the user sudo powers directly

Let’s find the users who have sudo powers. We know that at least one user has sudo powers and that is root. Indeed we find such a line as this in /etc/sudoers:

## Allow root to run any commands anywhere 
root    ALL=(ALL)   ALL

All we need to do is add our user under root in the same way. Notice that at the top of the file it told us that “This file must be edited with the ‘visudo’ command”. Issue the following command:

[root@amayem ~]# visudo

To jump the cursor to where we want it type /root, which will search for the first occurrence of that string. If it doesn’t take you there then press n till you reach it. Press i to go into insert mode and add the following line:

ahmed   ALL=(ALL)   ALL

Great, we are done. Exit insert mode by pressing Esc or, if that doesn’t work, Ctrl+c, then save the file by typing :x and you are good to go.

We can check that the file has indeed been modified by issuing the following command:

[root@amayem ~]# grep ahmed /etc/sudoers
ahmed   ALL=(ALL)   ALL

Looks good. Move on to testing.

Testing

Time to test our new sudo powers. Switch to the newly empowered user, in our case ahmed, and let’s try something that only root can do, like see what is in the /root directory:

[root@amayem ~]# su ahmed
[ahmed@amayem root]$ ls
ls: cannot open directory .: Permission denied
[ahmed@amayem root]$ sudo ls
[sudo] password for ahmed: 
tmp

Looks good. The ls command without sudo was denied, but with sudo it worked. Congratulations.
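
The grep checks above only show lines that mention one name. The following added example (not part of the original article) lists every active, uncommented grant in a sudoers-format file and marks the NOPASSWD ones; the function names list_sudo_grants and write_sample_sudoers and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# list_sudo_grants / write_sample_sudoers are hypothetical helper names.

# Print one line per active rule:
#   "<user|group|include> <name> <password|nopasswd|->"
# Limitations: does not follow includes or join backslash-continued lines.
list_sudo_grants() {
    awk '
        # #include/#includedir/@include are directives, not comments
        /^[ \t]*[#@]include(dir)?[ \t]/ { print "include", $2, "-"; next }
        # skip real comments and blank lines
        /^[ \t]*(#|$)/ { next }
        # skip Defaults settings and alias definitions
        $1 ~ /^(Defaults|(User|Runas|Host|Cmnd|Cmd)_Alias)/ { next }
        {
            kind = ($1 ~ /^%/) ? "group" : "user"
            name = $1; sub(/^%/, "", name)
            auth = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password"
            print kind, name, auth
        }
    ' "$1"
}

# Constructed sample modelled on the sudoers lines shown in this article.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)   ALL
ahmed   ALL=(ALL)   ALL
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)   ALL
# %wheel    ALL=(ALL)   NOPASSWD: ALL
Defaults    env_reset
#includedir /etc/sudoers.d
EOF
}

sample=$(mktemp)
write_sample_sudoers "$sample"
list_sudo_grants "$sample"
rm -f "$sample"
```

On a real system, run list_sudo_grants /etc/sudoers as root and repeat it for each file under any include directory it reports.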

References

Igor Chubin’s and Lev Levitsky’s answers in this Stack Overflow answer.

Ahmed Amayem has written 90 articles
