Every time I need to create or modify users in Linux, or grant them sudo access, I have to search for it.

This is a list of the commands I’ve used in the past.

Will keep updating this so that I don’t have to load a search page every time!

All commands below are run as root user. If I’m not the root user, I need to prefix them with sudo!

add and delete user

There are two commands in Linux to add users – one is useradd and another is adduser!

useradd is the basic command available in all Linux distros.

$> useradd username

This command just adds a user and that’s it. It doesn’t set the password, create the home directory or anything else. There are options to this command which will do these things but then I need to remember them!

Instead of this, I use the adduser command. This is an interactive Perl script, which prompts for all the extra info. It sets up the user’s home directory and sets up the password. Essentially, everything I need to get a user into the system.

The way I prefer to remember to use adduser is to keep in mind that I should use the command which starts with the verb!

$> adduser username
Adding user `temp' ...
Adding new group `temp' (1002) ...
Adding new user `temp' (1001) with group `temp' ...
Creating home directory `/home/temp' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
...
...

Similarly, to remove a user and their home directory

$> deluser --remove-home username

grant and revoke sudo access to user

To grant sudo access to a specific user

$> sudo adduser username sudo

This adds the user to the sudo group so that they can run all commands with a sudo prefix.

And to revoke sudo access

$> sudo deluser username sudo

This DOES NOT remove the user, only their sudo access.

list all sudo users

Reference

To list all users

$> awk -F':' '{ print $1}' /etc/passwd

To list all sudo users

$> grep '^sudo:.*$' /etc/group | cut -d: -f4

allow sudo access without root

In rare scenarios, it might be required to grant sudo access to a specific user without allowing them access to run root commands.

In this case, the /etc/sudoers file needs to be modified using the visudo command.

tom ALL=(ALL) NOPASSWD:ALL

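Now, user tom can run all commands that require privileges by prefixing sudo. In this line, (ALL) is the set of users tom may run commands as, which includes root, and NOPASSWD means sudo will not prompt tom for a password.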

If, in rare cases, there is another user and we want tom to have the same capabilities as that user, then this line changes.

tom ALL=(oracle) /bin/chown tom *

Now user tom can run the command listed in the rule, /bin/chown tom *, as user oracle (with sudo -u oracle), but this rule does not let tom run anything as root. (reference)
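The grep on /etc/group above only shows supplementary members of the sudo group, so it misses accounts whose primary group is sudo and users like tom who get their rights from a sudoers line. The script below is an added example, not part of the original post, that checks all three places; the file contents, the accounts alice, bob and carol, and the function names are constructed for illustration, and the sudoers reading is simplified (no aliases, no line continuations).

```shell
#!/bin/sh
# Added example: list every account that can use sudo, not only the
# members shown in field 4 of the sudo line in /etc/group.
# Simplified line-based reading: no aliases, no line continuations.

# Supplementary members of the sudo group (field 4 of the group file).
sudo_group_members() {
    awk -F: '$1 == "sudo" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Accounts whose primary GID is the sudo group's GID; these are sudo
# users too, but field 4 of the group file does not list them.
sudo_primary_members() {   # $1 = group file, $2 = passwd file
    awk -F: 'NR == FNR { if ($1 == "sudo") gid = $3; next }
             gid != "" && $4 == gid { print $1 }' "$1" "$2"
}

# Per-user rules in a sudoers file, printed as "user nopasswd|password".
# Skips comments, Defaults, aliases, %group rules and include directives.
sudoers_user_rules() {
    awk 'NF == 0 || $1 ~ /^[#%@]/ || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
         { print $1, ($0 ~ /NOPASSWD/ ? "nopasswd" : "password") }' "$1"
}

# Constructed sample files, so the script runs without touching /etc.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/group" <<'EOF'
root:x:0:
sudo:x:27:alice,bob
oracle:x:1003:
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:27::/home/carol:/bin/bash
tom:x:1004:1004::/home/tom:/bin/bash
EOF
cat > "$demo/sudoers" <<'EOF'
# constructed sample, using the two tom rules from this page
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
tom ALL=(ALL) NOPASSWD:ALL
tom ALL=(oracle) /bin/chown tom *
EOF

echo "sudo group members:";    sudo_group_members "$demo/group"
echo "primary group is sudo:"; sudo_primary_members "$demo/group" "$demo/passwd"
echo "direct sudoers rules:";  sudoers_user_rules "$demo/sudoers"
```

On a live system, sudo -l -U username reports what sudo will actually allow for a given account.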