Skip to main content

Add user to sudo

You most likely already have sudo installed (should be installed by default in Debian 11). Because of that, the sudo group already exists and is in /etc/sudoers file. The only thing we have to do is add our user to the sudo group.

Add user to sudo group

1. Login as root

2. Add user username to sudo group

(root)$ usermod -aG sudo username
  • -a adds user to a new supplementary group
  • -G specifies the name of the group to append to the user

3. Check whether your user is in the sudo group

(root)$ groups username
username : username cdrom floppy sudo audio dip video plugdev netdev bluetooth lpadmin scanner

As you can see from the output, sudo is on of the groups username is in.

4. Log out of root, login as your user and try to use sudo do execute a privileged command like apt upgrade. You will be prompted for a password (your user password, not root password). If you type it in correctly, and the command works, you have appropriate privileges, if not, you will be warned that the user isn't in the sudoers file.

Don't forget to actually log off root before logging back as your user. Your mileage may vary, but when I didn't do that, sudo didn't reload config and thought I wasn't in the sudoers file.

Disable password for sudo

If you have a really long password like me, you probably don't want to type it in every time you use sudo. By default, there's a timeout in sudo that allows you to execute multiple elevated commands before asking you for a password again. However, if you never want to be asked for a password when running sudo, you need to edit a configuration file.

1. Backup the current sudoers file in case something goes wrong.

$ sudo cp /etc/sudoers ~/

2. Edit the sudoers file with visudo to avoid making syntax mistakes (visudo does basic checks).

$ sudo visudo

This will happen if you make a syntax mistake:

image-1633877589504.png

3. Edit the line with %sudo and make it look like this. sudo has very powerful configuration, man sudoers for more.

# Allow members of group sudo to execute any command
%sudo	ALL=NOPASSWD: ALL

4. Log out or reboot and test if it works.