What is the best way to add a user to the sudoer group?

So far I have found four different ways to add a user to the sudoers group and not all methods work in all systems.
Why so many different implementations?
What is the best?
What is the standard (i.e. works in most systems)?

Different implementations:

  1. Adding the user to the ‘wheel’ group.
  2. Adding the user to the ‘sudo’ group.
  3. Editing the file /etc/sudoers
  4. Editing the file /etc/sudoers using visudo

Answers:


Method 1

There are two (main) ways you can authorize a user to run commands as root via sudo:

  • declare that “Alice may run commands as root”;
  • declare that “Alice is a sysadmin” and that “sysadmins may run commands as root”.

The way to declare “Alice is a sysadmin” is to make her a member of the sysadmins group, but there is no standard name for the sysadmins group (nor any obligation that there is a sysadmins group). Some traditional Unix systems have a group called wheel, but often being in the wheel group is only a prerequisite for becoming root, and the user must also know the root password and run su (that’s how BSD uses it, in particular). Some distributions, such as Ubuntu and Debian, include a group called sudo and a rule “members of the group sudo may run commands as root” in their default configuration.

If /etc/sudoers (or a file in /etc/sudoers.d) contains a line like %sudo ALL=(ALL:ALL) ALL, then you can make a user a sudoer by adding them to the sudo group (adduser alice sudo). The name sudo isn’t magical, you just have to match the entry in /etc/sudoers.

Never edit /etc/sudoers (or a file under /etc/sudoers.d) directly: if you make a syntax error, you would lock yourself out of root access. Always use visudo to edit that file. To choose the editor that visudo runs, set the VISUAL environment variable (or EDITOR, as long as VISUAL is unset). On a multiuser machine, using visudo has the additional advantage that it takes care of locking in case two administrators edit the file at the same time.
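
To check which group name the sudoers rules on a given system actually match (the point the answer above makes about sudo versus wheel), here is an added example that is not part of the original answer. It is a simplified reader that assumes one rule per line; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): find which group names the
# sudoers rules match, so you know whether to use sudo, wheel or something else.
# Simplified reader: one rule per line; aliases, continuation lines and
# %#gid entries are not handled.

# sudoers_groups [FILE...]: print "group<TAB>rule" for every %group rule.
sudoers_groups() {
    awk '
        /^[ \t]*#/ { next }                 # skip comments
        $1 ~ /^%[A-Za-z_]/ {                # %group entries only
            group = substr($1, 2)
            $1 = ""; sub(/^ +/, "")         # the rest of the line is the rule
            printf "%s\t%s\n", group, $0
        }
    ' "$@"
}

# full_root_groups [FILE...]: groups whose rule ends in the command list ALL.
full_root_groups() {
    sudoers_groups "$@" | awk -F'\t' '$2 ~ /(^| )ALL$/ { print $1 }' | sort -u
}

# Constructed sample fragment (hypothetical, not from a real system).
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
# %wheel ALL=(ALL) ALL
%backup ALL=(root) /usr/bin/rsync
EOF
}

sample_sudoers | full_root_groups
# On a real system, as root:
#   full_root_groups /etc/sudoers /etc/sudoers.d/*
```

On the sample, only sudo is reported: the wheel rule is commented out and the backup group is limited to a single command, so adding a user to either of those would not grant full root access.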

Method 2

adduser username sudo works for me — but then, I use Debian which has a sudoers file that defaults to giving everyone in the sudo group sudo access.

Method 3

For Ubuntu I added <somefile> at /etc/sudoers.d/ with the line:

<user> ALL=(ALL:ALL) ALL

Using the command:

visudo -f /etc/sudoers.d/<somefile>

This is recommended because it leaves the /etc/sudoers file untouched and thus avoids a conflict (and the required subsequent manual resolution) across upgrades. See: Why /etc/sudoers.d/

Method 4

Methods 2 and 4 will work on almost every Linux system. Don’t even try to use 3 on a working system! It can damage the system. Method 1 can work, but doesn’t have to.

Why should you use visudo instead of manually editing /etc/sudoers?

Once I had root access I used visudo to fix the sudoers file. Why visudo? Because that’s the program YOU ARE SUPPOSED TO USE. Yes I am a bit angry, because the person that broke this server should have known better. Visudo is a lovely little program that checks the syntax of the sudoers file before you save it so that if you do something monumentally stupid you’ll know about it before it becomes a problem and prevents you from getting back into the system as root.

http://lickthesalt.com/2009/07/06/fail-why-you-should-always-use-visudo/


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
