Testing for Sudo Permissions
Before making any changes, you can first check to see whether you as a user already have sudo permissions by typing:
sudo -l
Type in your password
The above command is to check if you yourself can run sudo. If you’re root however, and want to check if a particular user has sudo, here’s the command:
sudo -U [username] -l
Replace [username] with the name of the user whose permissions you want to check. If sudo permissions do not exist, you should see this:
So once you’ve determined that a specific user can’t run sudo, let’s see now how to obtain that permission.
Using the “visudo” Tool
As with everything in Linux, we can make all the configuration changes via text files. And if we want, we can do the same here. However, this file is rather dangerous to edit manually like any other. The reason is that inconsistencies in this file can seriously mess things up. For example, you don’t want multiple users to edit it simultaneously.
For this reason, there’s a separate tool in Linux for handling the sudoers file called “visudo”. This is just another version of the standard “vi” editing tool, but with some additional features. Its sole purpose is to edit the sudoers file and lock it against multiple editing attempts. Not only that, it performs some basic “sanity checks” and syntax verifications to prevent users from being locked out.
But Why is This File So Important?
Here’s one scenario. One of the first security measures to harden a Linux server is to disable root logins. But before we do that, we must ensure that another user has the ability to run admin commands. If you omit this intermediate step, you’ll suddenly be left in a situation where no one can run admin commands and you’re locked out of root!
So visudo just ensures we didn’t mess stuff up too badly with syntax errors and like.
Adding a Username to visudo
Open the sudoers file by typing:
visudo
Now scroll down all the way till you see this line:
"Allow root to run any commands anywhere"
You should find it somewhere towards the end of the file like this:
It should have the line below it:
root ALL=(ALL) ALL
Now add the following line just below:
[username] ALL=(ALL) ALL
As before, replace [username] with the name of the user to whom you want to give sudo permissions.
Once done, save your changes.
Testing Sudo Permissions
To check if the changes have gone through, re-run the command in the first step. This time, you should see a different message:
As you can see in the screenshot above, I now have the ability to run sudo commands!
