Introduction
The sudo command grants elevated privileges to a regular user, enabling them to temporarily execute programs with root permissions.
In this guide, you will learn how to create a user with sudo privileges in Debian, add a user to the sudo group, edit the sudoers file, and verify the user's sudo access.
Prerequisites
- A system running Debian (this tutorial uses Debian 12).
- Access to an account with sudo or root privileges.
- Access to the terminal.
Steps to Create a Sudo User on Debian
Standard user accounts are restricted from executing sensitive operations. For instance, attempting to list the /root directory contents using the ls command without elevated privileges results in an error:
ls /root
To use sudo and gain access to elevated privileges, take the steps below.
Step 1: Switch to the Root User
To create and modify users, you need root or sudo access. To switch to the root user, run the su command:
su root
Step 2: Create a New User on Debian (adduser)
As the root user, create a new user with the adduser command. Append the desired user account name to the command:
adduser usernameNote: If you already have an account you'd like to use, skip this step and go to Step 3.
For example, add user1 with the command:
adduser user1The output looks like this:
To complete the process, enter the password for the user account and retype to confirm it.
The terminal also prompts you to change the user information. Fill in the details or hit Enter to leave the fields blank.
Step 3: Grant Sudo Privileges
Users with root privileges can grant sudo privileges to any account. There are two ways to do this: via the usermod command or by editing the sudoers file. The following text elaborates on both options.
Add Debian User to Sudo Group Using usermod
All sudo group users have sudo privileges. To add a user to the sudo group via the usermod command, use the following:
usermod -aG sudo usernameThe command consists of the following parts:
usermod. Modifies a user account.-aG. Tells the command to add the user to a specific group. The-aoption adds a user to the group without removing it from current groups. The-Goption states the group in which to add the user. In this case, these two options always go together.sudo. The group we append to the above options. In this case, it is sudo, but it can be any other group.username. The name of the user account you want to add to the sudo group.
For example, add user1 to the sudo group with:
usermod -aG sudo user1The command has no output. However, to verify the new Debian sudo user was added to the group, run the command:
getent group sudoThe output lists all users in the group.
Edit the Sudoers File
To grant sudo privileges by editing the sudoers file, take the following steps:
1. Access the sudoers file with:
sudo visudo
2. Go to the section called User privilege specification.
3. Add a user and the appropriate permissions. For example, for user1:
user1 ALL=(ALL:ALL) ALL
This means user1 is allowed to run any command on any host, as any user and any group.
4. Save and exit the file.
Test Sudo Access
To make sure the new user has sudo privileges:
1. Switch to the user account you want to test (in this case, user1):
su - user1
2. Run any command that requires superuser access. For example, execute:
sudo whoami
The sudo whoami command outputs root because a user with elevated privileges executes it.
How to Use Sudo on Debian
To run a command with root access, type in sudo and enter the desired command.
For example, to view details for the root directory, run the ls tool:
sudo ls /root
Enter the password, and the terminal shows the root directory contents.
Conclusion
This article explained how to create a sudo user on Debian using two different methods. Next, learn the differences between sudo and su.
