How to Create a Sudo User on Debian

Introduction

Before we begin talking about how to create a sudo user on Debian, let's briefly understand – What is a Sudo User?

A sudo user is a special user account in Linux that has administrative privileges to execute commands with elevated privileges. It allows users to perform system-level tasks, such as installing software, modifying system configurations, and managing other user accounts.

By using the "sudo" command, regular users can temporarily escalate their privileges to carry out administrative tasks, enhancing security and preventing unauthorized access to critical system functions. Sudo users play a crucial role in managing and securing Linux systems effectively.

In this tutorial, you will learn how to create a sudo user on Debian.

Advantages of Creating a Sudo User

  1. Enhanced Security: Sudo user allows granular control over command execution, reducing the risk of unauthorized system modifications.
  2. Privilege Escalation: Regular users can temporarily gain administrative privileges, promoting efficient and controlled system administration.
  3. Auditing Capabilities: Sudo logs command usage, enabling accountability and monitoring of privileged actions for security and compliance purposes.
  4. Access Control: Sudo user provides fine-grained access control, allowing administrators to specify which commands users can execute with elevated privileges.
  5. Simplified Administration: Sudo eliminates the need for multiple root accounts, streamlining administrative tasks and enhancing overall system management.

Create a sudo user

Create a new user account and provide it sudo access by following the procedures below. Skip to step 3 if you wish to configure sudo for an existing user.

Step 1 – Login to your server.

To begin, log in as the root user to your system:

ssh root@server_ip_address

Step 2 – Create a new user account

Use the adduser command to create a new user account. Remember to change username to your desired username:

adduser username

The command will ask you to create a new user password and confirm it. Make sure the new account's password is as strong as feasible (combination of letters, numbers and special characters).

Output

Adding user `username' ...
Adding new group `username' (1001) ...
Adding new user `username' (1001) with group `username' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully

The program will establish a home directory for the user, copy numerous configuration files to the home directory, and prompt you to set the new user's details once you've set the user password. Simply hit ENTER to accept the defaults if you want to leave all of this information blank.

Output

Changing the user information for username
Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n]

Step 3 – Add the user to the sudo group

sudo access is allowed to members of the sudo group by default on Debian systems. Use the usermod command to add a user to the sudo group:

usermod -aG sudo username

Test the sudo access

To switch to the newly created user, use the following command:

su - username

To run the whoami command, use the sudo command:

sudo whoami

If the user has sudo access, the whoami command's output will be root:

Output

root

How to use sudo

To use sudo, simply type sudo followed by a space before the command:

sudo ls -l /root

You'll be prompted for the user password the first time you use sudo in a session:

[sudo] password for username:

FAQs to Create a Sudo User on Debian

How do I grant sudo access to an existing user on Debian?

Execute usermod -aG sudo username to add an existing user to the sudo group.

Can I create a sudo user without a password prompt on Debian?

Yes, you can configure passwordless sudo by editing the sudoers file with sudo visudo and adding the appropriate entry.

How can I remove sudo access from a user on Debian?

Remove the user from the sudo group using deluser username sudo.

How can I change the sudo password timeout on Debian?

Edit the sudoers file with sudo visudo and modify the Defaults env_reset,timestamp_timeout line accordingly.

Can I customize sudo privileges for different commands on Debian?

Yes, by editing the sudoers file, you can specify individual or group-based privileges for specific commands or command categories.

How can I view the sudoers file on Debian?

Use the command sudo visudo to open and view the sudoers file in the default text editor.

What should I do if I encounter problems with sudo on Debian?

Ensure that the user is properly added to the sudo group and that the sudoers file has correct syntax. You can also check system logs for any relevant error messages.

Conclusion

You now know how to create a user with sudo access. With this user account, you may now log in to your Debian server and run administrative commands using sudo.

If you have any queries, please leave a comment below and we’ll be happy to respond to them.