How to Create a sudo User on Debian
The sudo command (short for Super-user do) is a program designed to allow users to execute commands with the security privileges of another user, by default the root user.
In this guide, we will show you how to create a new user on a Debian system and give it sudo access. The steps work on Debian 11, 12, and 13.
You can use this user account to execute administrative commands without a need to log in to your Debian server as a root user.
Quick Reference
| Command | Description |
|---|---|
adduser username | Create a new user interactively |
usermod -aG sudo username | Add an existing user to the sudo group |
su - username | Switch to the new user |
sudo whoami | Verify that sudo access works |
visudo | Safely edit the sudoers file |
groups username | Check which groups a user belongs to |
Create a sudo User
Follow the steps below to create a new user account and give it sudo access. If you want to configure sudo for an existing user, skip to step 3.
1. Log in to your server
First, log in to your system as the root user:
ssh root@server_ip_address2. Create a new user account
Create a new user account using the adduser command. Remember to replace username with your desired user name:
adduser usernameThe command will prompt you to set and confirm the new user password. Make sure that the password for the new account is as strong as possible (combination of letters, numbers and special characters).
Adding user `username' ...
Adding new group `username' (1001) ...
Adding new user `username' (1001) with group `username' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfullyOnce you set the user password the command will create a home directory for the user, copy several configuration files in the home directory and prompt you to set the new user’s information. If you want to leave all of this information blank just press ENTER to accept the defaults.
Changing the user information for username
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]3. Add the user to the sudo group
By default on Debian systems, members of the group sudo are granted sudo access. To add a user to the sudo group use the usermod
command:
usermod -aG sudo usernameThe change takes effect the next time the user logs in.
Edit the sudoers File Directly
An alternative to adding a user to the sudo group is to grant privileges directly in the /etc/sudoers file. Always use visudo to edit this file — it validates the syntax before saving and prevents a broken sudoers file from locking you out of the system.
visudoAdd the following line at the end of the file, replacing username with the actual username:
username ALL=(ALL:ALL) ALLSave and exit. The user can now run any command with sudo without being a member of the sudo group.
Test the sudo Access
Switch to the newly created user:
su - usernameUse the sudo command to run the whoami command:
sudo whoamiIf the user has sudo access then the output of the whoami command will be root:
rootHow to Use sudo
To use sudo, simply prefix the command with sudo and a space:
sudo ls -l /rootThe first time you use sudo in a session, you will be prompted to enter the user password:
[sudo] password for username:Troubleshooting
User is not in sudoers file
The user was not added to the sudo group, or the change has not taken effect yet. Verify group membership with groups username. If the sudo group is missing, run usermod -aG sudo username as root, then have the user log out and log back in.
sudo is not installed
On minimal Debian installations sudo may not be present. Install it as root with apt install sudo, then add the user to the sudo group.
sudo access not working after usermod
The user must start a new login session for the group change to take effect. Log out completely and log back in, or use su - username to open a fresh session.
FAQ
What is the difference between adding a user to the sudo group and editing sudoers?
Adding to the sudo group (usermod -aG sudo) is the standard Debian method and applies the same privileges to all group members. Editing /etc/sudoers with visudo gives you finer control — for example, you can limit a user to specific commands or allow passwordless sudo for certain tasks.
How do I remove sudo access from a user?
To remove a user from the sudo group, run gpasswd -d username sudo as root. To remove a sudoers file entry, open the file with visudo and delete the corresponding line.
Does this work on Debian 11, 12, and 13?
Yes. The adduser, usermod, and visudo commands work the same across all current Debian releases. The sudo group is the default mechanism on all of them.
How do I check which users have sudo access?
Run getent group sudo to list all members of the sudo group. For sudoers file entries, review the file with visudo or cat /etc/sudoers.
Conclusion
You have learned how to create a user with sudo privileges on Debian using either the sudo group or the sudoers file. For day-to-day use, the usermod -aG sudo approach is the simplest. Use visudo when you need per-command or passwordless sudo rules.
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page