What is the best way to add a user to the sudoer group?
There are two (main) ways you can authorize a user to run commands as root via sudo:
- declare that “Alice may run commands as root”;
- declare that “Alice is a sysadmin” and that “sysadmins may run commands as root”.
The way to declare “Alice is a sysadmin” is to make her a member of the sysadmins group, but there is no standard name for the sysadmins group (nor any obligation that there is a sysadmins group). Some traditional Unix systems have a group called wheel
, but often being in the wheel group is only a prerequisite for becoming root, and the user must also know the root password and run su
(that's how BSD uses it, in particular). Some distributions, such as Ubuntu and Debian, include a group called sudo
and a rule “members of the group sudo
may run command as root” in their default configuration.
If /etc/sudoers
(or a file in /etc/sudoers.d
) contains a line like %sudo ALL=(ALL:ALL) ALL
, then you can make a user a sudoer by adding them to the sudo
group (adduser alice sudo
). The name sudo
isn't magical, you just have to match the entry in /etc/sudoers
.
Never edit /etc/sudoers
(or a file under /etc/sudoers.d
) directly: if you make a syntax error, you would lock yourself out of root access. Always use visudo
to edit that file. To choose the editor that visudo
runs, set the VISUAL
environment variable (or EDITOR
, as long as VISUAL
is unset). On a multiuser machine, using visudo
has the additional advantage that it takes care of locking in case two administrators edit the file at the same time.