Skip to content

Creating a Sudo user account

Introduction

The sudo command allows you to run programs with the security privileges of another user (by default, as the superuser). It prompts you for your password and confirms your request to execute a command by checking if you are allowed to use sudo or not.

Creating a new user

Using the adduser command you should create a user account for the Linux vps you are on.

adduser username

Warning

Be sure to replace username with the user that you want to create.

You then want to set a password which you will need to type twice, keystrokes aren't logged for security purposes so do not be alarmed if you do not see anything happening on the screen.

The set password prompts:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

After setting a password you will be asked to fill in some basic user information, this is completely optional so you can just click enter a couple of times!

User information prompts:
Changing the user information for username
Enter the new value, or press ENTER for the default
    Full Name []:
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n]

Warning

Make sure to type in Y and click enter otherwise you will have to redo the user information prompt!

Granting user sudo

Now we have added a user that you can log in into via ssh, it is now time for us to allow the user to use sudo. We will be using the usermod command to add username to the sudo or wheel group.

Debian Based (Debian, Ubuntu)

usermod -aG sudo username

RHEL Based (RHEL, CentOS)

usermod -aG wheel username

Now we will test that if the user we have added is allowed to use sudo or not. Use the su command to log in to the username you have selected.

su - username

As you want to check if you have sudo you should run the command below to effectively test if you have sudo or not.

sudo ls /root

Since only root can read that directory you would require to be either root or have sudo to access the directory.

Response if you have sudo:

user@server:~$ sudo ls /root
[sudo] password for user:

file1 file2 fil3

Response if you don't have sudo:

user@server:~$ sudo ls /root
[sudo] password for user:

user is not in the sudoers file. This incident will be reported.