How to Add a User to Sudo Group on Debian 9

In this article, we will show you how to add a user to the sudo group in Debian 9.

Every time you install a fresh new operating system, a user named root is being created automatically. This user is extremely powerful and even dangerous because it has a complete access to the server. Typically, the root user is only used for administrative tasks, as there are no restrictions present like they are for any other user.

Note that Linux does not have an “undo” command. In order to reduce the risk of irreversible damage to the system, we can create a user who will not have privileges to execute commands that can affect the server. However, having administrative access may still be appropriate for everyday tasks – sometimes we need the power to execute some command as an administrative user. This benefit can be utilized using the sudo command. However, to use the sudo command, the user is required to be present in the sudo group. Let’s get started with the tutorial. This should work in Debian 10 as well as other future versions of Debian, as these commands usually only have small variations over time.

Step 1. Connect to your server via SSH and Update your Server OS packages

NOTE: You will need access to the root account in order to add users to the sudo group.

The first thing we need to do is access the Debian server via SSH as the root user.

ssh root@server_ip_address -p port_number

Do not forget to replace the “server_ip_address” and “port_number” with your actual server IP address and port number.

It’s not a mandatory step for this tutorial, however it’s a good practice to update your server packages frequently. It maximizes security and can introduce new features to your server. Once you have logged in, you can update your Debian 9 packages to the latest version using:

# apt update && apt upgrade

Step 2. Adding a New User

In this step, we’ll be adding a new user. When we add new users to the system, these users are by default not privileged with any administrative access. This means that these users will be able to add or edit files only if they are owners of those files.

Since we are currently logged in as a root user, we can add the new user with the following command:

# adduser testuser

Do not forget to replace testuser with your desired username.

When we run this command it will request to enter information about the new user. Please make sure that the password for the new user is a strong password utilizing at least 10 characters including alphanumeric and grammatical symbols.

Never use passwords based upon dictionary words or significant dates.

Output:

Adding user `testuser' ...
Adding new group `testuser' (1001) ...
Adding new user `testuser' (1001) with group `testuser' ...
Creating home directory `/home/testuser' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

After you set the user password, the home directory will be created for that user and will prompt you to set up information for this new user.

Changing the user information for testuser
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]

Note that you are not required to enter information for the fields you don’t wish to populate. The only exception is the password.

When you enter the desired information just confirm the information by typing Y.

Step 3. Accessing the New User

After we created a new system user account, we can log in with our newly created user through SSH by typing:

$ ssh testuser@server_ip_address -p port_number

There is also a different way to quickly switch to a different user if we are already logged in to the server. This is possible by using the su command. The su command stands for substitute user, and it allows us to enter directly into a different user account without logging out of our currently logged in user. We can use it like this:

$ su - testuser

When executing this command, the password for the testuser will be requested. If we enter the correct password, we will change the current user to our new testuser. If we  want to go back to the previous session, we can do that using the exit command:

$ exit

Step 4. Add the User to the sudo Group

As we mentioned, our new user testuser is created without administrative privileges by default. For example, if we want to execute a command that requires these privileges, it will list the following output:

testuser is not in the sudoers file. This incident will be reported.

If we want our user to have access to these privileges, we need to add it to the sudo group. All users belonging to the sudo group are allowed to use the sudo command for any purpose.

Using the following command executed as root user, we can add our testuser to the sudo group:

# usermod -aG sudo testuser

Now, when we log in as our testuser, we can run commands that require root privileges using sudo.

$ sudo command_name

When we execute the command with sudo, we will be prompted for the password for our testuser (not the root password), and then the command will be executed with elevated access.

The first time we use the sudo command, it will indicate a message:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for testuser:

We can test the sudo access with the whoami command:

$ sudo whoami

Because we just added our user testuser to sudo group, our output of the whoami command will be root:

Output:
root

Step 5. Remove the User from sudo Group and Delete a User

In our last step, we will also cover how to remove sudo privileges from the user and how to delete a user.

If we no longer need a user to have root privileges, we can remove it from the sudo group with this command:

# deluser testuser sudo

and we will receive the following output

Output:

Removing user `testuser' from group `sudo' ...
Done.

This will only take sudo access away from our user testuser, which will not delete the user itself. But if we no longer need that user, we can delete this user by using this syntax:

# deluser --remove-home testuser

The --remove-home option will delete the home directory that belongs to our user testuser.

Output:

Looking for files to backup/remove ...
Removing files ...
Removing user `testuser' ...
Warning: group `testuser' has no more members.
Done.

Conclusion

In this article, we show you how to add, access, grant sudo privileges, remove sudo privileges, and delete users on a Debian 9 server. These are basic tasks for managing users. By familiarizing yourself with these processes you will be able to configure your Debian 9 server faster and safer.


Of course, you don’t have to add a user to Sudo group on Debian 9, if you use one of our Debian Hosting services, in which case you can simply ask our expert Linux admins to add or remove a sudo user on Debian 9, for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post on how to add a user to Sudo group on Debian 9, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *