How to Add a User to Sudoers in Ubuntu
The sudo
command allows trusted users to execute commands as root or another user. On Ubuntu, you can grant sudo privileges to a user in two ways: by adding them to the sudo group or by configuring the sudoers file directly.
This guide covers both methods, including how to grant full sudo access, passwordless sudo, and command-specific permissions.
Quick Reference
| Task | Command |
|---|---|
| Add user to sudo group | sudo usermod -aG sudo username |
| Verify group membership | groups username |
| List user’s sudo permissions | sudo -l -U username |
| Edit sudoers file safely | sudo visudo |
| Create sudoers drop-in file | sudo visudo -f /etc/sudoers.d/username |
| Test sudo access | sudo whoami |
Adding User to the sudo Group
The easiest way to grant sudo privileges in Ubuntu is to add the user to the “sudo” group. Members of this group can execute any command as root and are prompted for their password when using sudo.
We are assuming the user already exists. If you need to create a new user, see our guide on adding and deleting users in Ubuntu .
To add the user to the sudo group , run the following command as root or another sudo user:
sudo usermod -aG sudo usernameReplace username with the actual username you want to grant sudo access.
su - username, for the changes to apply.Verify Group Membership
To confirm the user was added to the sudo group, use the groups command:
groups usernameThe output should include sudo in the list of groups:
username : username sudoYou can also use getent to list all members of the sudo group:
getent group sudoTest sudo Access
To verify the user has sudo privileges, run the whoami command with sudo:
sudo whoamiIf the user has sudo access, the command will prompt for a password and then print:
rootIf you see an error saying “user is not in the sudoers file”, the user does not have sudo privileges.
Adding User to the sudoers File
The /etc/sudoers file controls which users and groups have sudo privileges and what commands they can run. Editing this file directly allows you to grant customized access and configure specific security policies.
Using visudo
Always use the visudo command to edit the sudoers file. This command validates the syntax before saving, preventing errors that could lock you out of sudo access entirely.
To open the sudoers file:
sudo visudoBy default, visudo uses the vi editor. If you prefer nano
, you can change the editor:
sudo EDITOR=nano visudoGrant Full sudo Access
To grant a user full sudo privileges, add the following line at the end of the file:
username ALL=(ALL:ALL) ALLThis line means:
username- The user this rule applies to.ALL(first) - The rule applies on all hosts.(ALL:ALL)- The user can run commands as any user and any group.ALL(last) - The user can run all commands.
Save the file and exit the editor .
Grant Passwordless sudo Access
To allow a user to run sudo commands without entering a password, use the NOPASSWD directive:
username ALL=(ALL:ALL) NOPASSWD:ALLGrant Access to Specific Commands
To allow a user to run only specific commands with sudo, list the full paths to those commands:
username ALL=(ALL:ALL) NOPASSWD:/bin/mkdir,/bin/rmdirThis allows the user to run only mkdir
and rmdir with sudo, without a password.
To require a password for specific commands, omit the NOPASSWD directive:
username ALL=(ALL:ALL) /usr/bin/apt,/usr/bin/systemctlUsing the sudoers.d Directory
Instead of editing the main sudoers file, you can create a separate configuration file in the /etc/sudoers.d directory. Files in this directory are automatically included when sudo processes its configuration.
To create a drop-in file for a specific user:
sudo visudo -f /etc/sudoers.d/usernameAdd your rules to this file:
username ALL=(ALL:ALL) NOPASSWD:ALLThis approach makes managing sudo privileges more maintainable. It is common practice to name the file after the username it configures.
/etc/sudoers.d must not contain a dot (.) or end with a tilde (~), or they will be ignored.View User sudo Permissions
To list what sudo commands a user can run, use the -l option:
sudo -l -U usernameThe output shows all allowed and denied commands for that user.
Troubleshooting
“username is not in the sudoers file”
The user is not a member of the sudo group and has no entry in the sudoers file. Add them to the sudo group with usermod -aG sudo username or create a sudoers entry.
Group changes not taking effect
The user must log out and log back in for group membership changes to apply. Alternatively, start a new login shell with su - username.
“sudo: unable to resolve host”
The system hostname is not in /etc/hosts. Add an entry mapping the hostname to 127.0.0.1.
Syntax error in sudoers file
If you edited the sudoers file without visudo and introduced an error, you may lose sudo access. Boot into recovery mode or use pkexec visudo to fix the file.
“sudo: no tty present and no askpass program specified”
This occurs when running sudo in a non-interactive environment (like a script) without NOPASSWD configured. Add NOPASSWD for the specific commands the script needs.
Permission denied on /etc/sudoers.d file
Files in /etc/sudoers.d must have mode 0440. Set the correct permissions:
sudo chmod 0440 /etc/sudoers.d/usernameFAQ
What is the difference between the sudo group and the sudoers file?
The sudo group is a convenient way to grant full sudo access to multiple users. The sudoers file provides fine-grained control, allowing you to specify which commands a user can run, whether a password is required, and other security policies.
Do I need to restart after adding a user to the sudo group?
No system restart is required, but the user must log out and log back in for the group membership to take effect.
Is passwordless sudo safe?
Passwordless sudo reduces security because anyone with access to the user account can run commands as root without authentication. Use it only for service accounts or automated processes, and limit it to specific commands when possible.
Can I grant sudo access to a group instead of a user?
Yes. Use the % prefix to specify a group in the sudoers file. For example, %developers ALL=(ALL:ALL) ALL grants sudo access to all members of the developers group.
How do I remove sudo access from a user?
Remove the user from the sudo group with sudo deluser username sudo (or gpasswd -d username sudo). If they have a sudoers file entry, delete it with sudo rm /etc/sudoers.d/username or remove the line from /etc/sudoers using visudo.
What happens if I make a syntax error in the sudoers file?
If you use visudo, it will detect the error and refuse to save the file. If you edited the file directly and introduced an error, sudo may stop working entirely. Use recovery mode or pkexec to fix it.
Conclusion
For day-to-day work, add the user to the sudo group with usermod -aG sudo username and have them log out and back in. Reach for visudo and /etc/sudoers.d only when you need to scope sudo to specific commands or set up passwordless access for a service account, and keep one drop-in file per user so the rules stay easy to audit.
If you also manage groups beyond sudo, see our guide on adding a user to a group in Linux .
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page