What is Sudo?

Think of your Linux system like a grand castle. There are many residents – users – each with their own rooms and the freedom to do most things within their own space. But then there are certain areas, the really important bits like the armory, the treasury, or maybe the royal kitchen (system configurations, critical files, and services in computer terms), that you don’t want just anyone messing with. You need guards, or in our digital castle, administrators, who have the authority to access and manage these sensitive areas.

Now, back in the old days of computing (and still sometimes in very specific scenarios), the ultimate guard was the root user. Root is like the king or queen of the castle, with absolute power over everything. They can open any door, change any rule, and essentially do whatever they want.

But, just like giving a royal scepter to every Tom, Dick, and Harriet in the kingdom might lead to chaos, granting root access to everyone is a recipe for disaster in the digital realm. Mistakes happen, malicious software exists, and accidents are always around the corner. Imagine accidentally deleting the castle’s entire defense plan because you had root access and fat-fingered a command – not good.

This is where sudo comes riding in on a white horse, like the knight in shining armor of system administration. sudo stands for "Super User Do," or sometimes jokingly, "Substitute User Do." It's a command that allows you to execute commands with the security privileges of another user, by default, the superuser, or root. It’s like saying, "Hey, for this one command, I need to borrow the king's authority for a moment to get this important task done."

And here’s where our sudo users group enters the stage. Instead of giving root access to everyone, we create a special group of users – the sudo group – whom we trust with this temporary elevated power. Users in this group are allowed to use the sudo command to run administrative tasks when needed, but they are not constantly running as root. This is a principle known as least privilege – grant only the necessary permissions, only when necessary. It's like giving the royal kitchen staff a special key that only works for the kitchen door and only when they need to cook a royal meal, not a master key to the entire castle all the time.

So, how do we actually get this setup in our Linux kingdom? Let’s break it down into a few key steps, starting from the very beginning – creating a new resident in our digital castle.

Step 1: Creating a User – Welcoming a New Resident

Before we can make someone a sudo user, we need… well, a user! Creating a user in Linux is a fundamental task, and it’s surprisingly straightforward. We’ll use the command adduser. Think of adduser as the official welcoming committee of your Linux system. It’s a friendly tool that guides you through the process of creating a new user account, setting up their home directory, and getting them ready to become a productive member of your system.

Open up your terminal, and if you're not already root (or a sudo user yourself), you'll need to become root to manage users. You can typically do this by typing su - and entering the root password (if you have one set) or by using sudo su - if you're already a sudo user. Once you have root privileges, you're ready to create a new user.

Let’s say we want to create a user named "techie." At the prompt, you would type:

# adduser techie

Hit enter, and adduser will spring into action, asking you a series of questions to set up the new user account. It’s like filling out a simple registration form.

First, it will prompt you to enter a new UNIX password. This is the password that "techie" will use to log in. Type in a strong, memorable password (but don’t forget it!), and then you’ll be asked to retype it for verification. Remember, passwords are like the keys to their room in our castle – make them strong and secure!

Adding user `techie' ...
Adding new group `techie' (1001) ...
Adding new user `techie' to group `techie' ...
Creating home directory `/home/techie' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:

After setting the password, adduser will then ask for some optional user information. This is often referred to as GECOS information, and it includes things like:

Full Name:
Room Number:
Work Phone:
Home Phone:
Other:
Is the information correct? [Y/n]

These are all optional fields. You can just press Enter for each one to skip them if you don’t need to fill them in. They are mostly for informational purposes and might be used by certain system tools, but for basic user creation, they aren’t essential. Finally, you’ll be asked to confirm if the information is correct. Type y and press Enter to finalize user creation.

Behind the scenes, adduser is doing several important things:

• Creating a User Account: It adds an entry for the user "techie" in the system’s user database (/etc/passwd and /etc/shadow).
• Creating a Group: It typically creates a new group with the same name as the user (techie in this case) and adds the user to this group. This is the user’s primary group.
• Creating a Home Directory: It creates a home directory for the user, usually in /home/techie. This is their personal workspace where they can store their files and configurations.
• Copying Skeleton Files: It copies files from /etc/skel to the user’s home directory. These are skeleton configuration files that provide a basic environment for new users (like default shell configuration files, etc.).

And just like that, you've created a new user! "techie" is now a resident of your Linux castle, ready to explore their own allocated space.

Step 2: Setting a Password for a User – Securing the Room

We already set a password during the adduser process, but what if you need to change a user’s password later, or what if you skipped setting a password during user creation for some reason (though adduser usually prompts for one)? That’s where the passwd command comes in. passwd is specifically designed for changing or setting user passwords.

To change the password for the user "techie," you would use the passwd command followed by the username:

# passwd techie

Again, you’ll need to be root or have sudo privileges to change another user’s password. If you are logged in as the user "techie" themselves, you can change your own password simply by typing passwd without a username, and it will prompt you for your current password and then the new password.

When you run passwd techie, it will ask you to enter the new password for "techie," and then retype it for confirmation. Just like with adduser, choose a strong and secure password!

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

passwd is a simple but crucial command for maintaining user account security. Regularly changing passwords and enforcing strong password policies are essential security practices. Think of passwd as the locksmith of your Linux castle, ensuring that each resident has a secure key to their own room and that you, as the administrator, can manage those keys effectively.

Step 3: The sudo Users Group – Granting Special Privileges

Now we arrive at the heart of our mission – adding a user to the sudo users group. But first, let's understand what this group actually is. In most common Linux distributions (like Ubuntu, Debian, Fedora, CentOS, etc.), there's a pre-defined system group called sudo. Membership in this group is what grants users the ability to use the sudo command.

The magic happens because of a configuration file called /etc/sudoers. This file is the central control panel for sudo. It defines who can use sudo, which commands they can run with sudo, and under what conditions. While you can directly edit this file, it’s highly discouraged to edit it directly with a regular text editor. Incorrect syntax in /etc/sudoers can lock you out of using sudo entirely, which can be a real headache. Instead, you should always use the visudo command to edit this file. visudo is a special editor that checks the syntax of the /etc/sudoers file before saving it, preventing you from accidentally breaking your sudo configuration.

However, for simply adding a user to the sudo group, we usually don’t need to directly edit /etc/sudoers (at least in basic setups). By default, many systems are configured to grant sudo privileges to any user who is a member of the sudo group (or sometimes the wheel group on older systems, but sudo is more common now).

To add our user "techie" to the sudo group, we use the usermod command. usermod is a versatile tool for modifying user account properties, including group memberships. We'll use the -aG option, which stands for "append to groups." This option adds the user to the specified group(s) without removing them from any groups they are already in. We want to add "techie" to the sudo group, so the command is:

# usermod -aG sudo techie

Let’s break down this command:

• usermod: The command itself, for modifying user accounts.
• -aG: Options. -a means "append," and -G specifies that we are modifying the supplementary group list.
• sudo: The name of the group we want to add the user to.
• techie: The username of the user we want to modify.

Run this command as root (or with sudo if you are already a sudo user). After running this command, "techie" is now a member of the sudo group!

Conclusion

As you may have noticed, sudo is so much powerful and I hope this article helped you understand how to use sudo and what it can do.

This article was written by Ahmad Adel. Ahmad is a freelance writer and also a backend developer.