You try to run a sudo command, and you get an error message:
user is not in the sudoers file.
So… how do you solve this? How do you allow a user to run sudo commands? Otherwise said, how do you grant a user sudo access?
Add User to sudoers File?
With the error above, user is not in the sudoers file, the solution seems obvious. You just add the user to the sudoers file, right? Actually, no. But why not? Because editing that sudoers file is (somewhat) complicated. And there's a much, much easier way!
For reference, the sudoers file, located at /etc/sudoers, looks like this:
And that's just a part of it.
To allow a user called "john" to run sudo commands, you would need to add a line like this to the sudoers file:
john ALL=(ALL:ALL) ALLHowever, the easier way is to just add this user to a group called sudo or wheel. Let's explore this method.
Prerequisites
Are you logged in as a user that can already run sudo commands? And you want to grant sudo privileges to a different user? Then you're good to go. Jump to the next section.
But if your current user cannot run sudo commands, then you need to get some administrative super powers somehow. There are usually two solutions:
- First, log in as the user called "root".
- Or, if you already have another user that can run sudo commands, then log in as that sudo-privileged user; before continuing with the steps in this tutorial.
If it's a VPS, or compute instance running in the cloud, they usually have one of these available. Either you'll be able to log in as root with an ssh [email protected] command. Where you replace 203.0.113.10 with the actual IP of your server.
Or you'll be able to log in as some other user with a command like ssh [email protected]. Where the user called "john" can already run sudo commands.
ssh [email protected] directly from Windows' Command Prompt. It's not required to install PuTTY anymore. SSH is available out-of-the-box on modern Windows editions (even on the older Windows 10).Add User to Sudoers on Debian, or Ubuntu
There's a special group called sudo on Debian, and Ubuntu systems. And other operating systems based on Debian, or Ubuntu: Linux Mint, MX Linux, Pop!_OS, elementary OS, Zorin OS, and many others.
If a user is part of that sudo group it will be allowed to run sudo commands. So all you need to do is add a user to the sudo group.
Let's say you're logged in as root. And you want to grant sudo privileges to a user called jane. All you need to do is add jane to the sudo group with a command like this:
gpasswd -a jane sudoIf you're not logged in as root, but rather another user that can already run sudo commands, use this instead:
sudo gpasswd -a jane sudo-a is an option you pass to the gpasswd command to tell it to add a user to a certain group.
Replace jane with the actual username you want to grant sudo privileges to.
After running either command you'll see this message pop up:
Adding user jane to group sudo
This confirms that your user has been added to the group called sudo. And the user can now run sudo commands.
Add User to Sudoers on RHEL, CentOS, Rocky Linux
Unlike Debian, Ubuntu, and derivatives, the operating systems from the RHEL family use a different group for granting sudo superpowers: The group called wheel.
To grant sudo privileges to a user called "jane" on these operating systems, you need to add the user to the wheel group.
If you're logged in as the administrative user root, run this command:
gpasswd -a jane wheelReplace jane with the actual username you need.
If you're not logged in as root, but rather as a user that already has sudo privileges, just add sudo in front of the previous command:
sudo gpasswd -a jane wheel
You should see a confirmation message that the user was added to the wheel group.
Adding user jane to group wheelTroubleshooting Steps: User in sudo / wheel Group Cannot Use sudo Commands
On most Linux-based operating systems, the commands above will work. But there can be exceptions, especially in cloud environments, when the operating systems are configured in a different, non-default way (minimal installs and cloud-specific customizations).
And just in case you just added a user to sudo, or wheel, and that user is logged in, see the note above (log out and log in from that user session).
Step 1: Is Sudo Installed?
sudo, the command, is an actual program, included in a software package; with libraries, documentation, and everything else it needs. And you might encounter a server where this software package is simply not installed.
To find out if the sudo package is missing simply run this command:
sudo ls
If you get a Command sudo not found error, it means the sudo package is not installed.
To install sudo on Ubuntu, Debian, and similar operating systems, you should log in as the root user, and then run:
apt update && apt install sudoThis is actually a chain of two commands. apt update will refresh the list of available packages (pulls in information, from online servers, about the latest software available). And then the second command, apt install sudo installs the sudo package.
To install sudo on RHEL, Rocky Linux, CentOS, or similar, log in as root, and then run this command instead:
dnf install sudo
Type y to confirm, then press Enter, and you're good to go; sudo is now installed.
Step 2: Added User to Wheel Group, But I Still Can't Run Sudo Commands
So, sudo is installed. You also added your user to the wheel group. You even got a confirmation that the user was added to the wheel group:
Even logged out from that user account, and then logged back in. And, still, you cannot run sudo commands.
When you try to run a sudo command you get an error message like this:
user is not in the sudoers file. This incident will be reported.
The reason why this happens is quite simple. In a way, you need to "enable" the sudo privileges granted by the wheel group. Sometimes it's just not "turned on" by default. Meaning that you can add users to the wheel group, but it has no special effect (grants no sudo privileges) until you enable this behavior.
There's a configuration file called sudoers. The location of this sudoers file is: /etc/sudoers. And there's a line of text in here that functions as that "enable / disable button" for sudo privileges for users in the wheel group. In this case, this "button" is set to "off".
To fix this, first log in as the root user. Then run this command:
visudoA text editor called "vim" will pop up. And you'll see the contents of the /etc/sudoers file.
Press the Page Down key to scroll down until you see this line:
# %wheel ALL=(ALL) ALLNOPASSWD.
That first character, # is commenting the line. Otherwise said, the # at the beginning makes that line inactive. So # is the character we need to remove to make the line active.
Press i to enter insert mode. You can think of it as "edit mode" in the vim text editor. Only after you press i you can actually start typing text, edit it, and so on.
To confirm that insert mode is active, you should see this -- INSERT -- text at the bottom of the screen:
Now edit that line. The original text on that line is this:
# %wheel ALL=(ALL) ALLAnd you remove the # at the beginning, and the space character after it, so that it becomes this:
%wheel ALL=(ALL) ALLNow the line is finally uncommented, so it becomes active. Any user in the wheel group will now be able to run sudo commands.
To make it clearer what needs to be edited, here's a before and after screenshot.
Before:
After:
After you make the correct edit press ESC (the escape key) to exit from insert mode. The -- INSERT -- text at the bottom of the screen should disappear.
Finally, to save your edited file, type this exact sequence of characters:
:wqThat's colon :, followed by w, and q. It's basically a way to tell the vim text editor: write file, and quit.
You should see the same three characters at the bottom of your screen:
Press Enter, and the file will be saved, then the editor will exit.
Now log in as the user you added to the wheel group and try your sudo commands again. It should work this time.
Optional: Should I Add My User to the sudo Group or wheel Group?
You shouldn't worry about this part.
Let's say you're using a Linux distribution that you're not quite sure about if it's from the Debian / Ubuntu family, or RHEL family.
Well, if that distribution uses the group called "sudo" to grant users sudo privileges, then that group will already exist, but the "wheel" group will be missing. If it's the other way around, "wheel" will exist, and the "sudo" group will be missing.
So just try both commands, if uncertain. Try to add your user to the group called "sudo" first. If it doesn't work (because the group is missing), then try to add it to the group called "wheel".
One of these two commands will work, and the other will fail. But the command that fails doesn't break anything, so you can try both of them without any worry. And see which works.
As a reminder, if logged in as root, the commands are:
gpasswd -a jane sudo
gpasswd -a jane wheelAnd if logged in as a sudo-privileged user:
sudo gpasswd -a jane sudo
sudo gpasswd -a jane wheelOf course, you replace jane with the actual user you want to grant sudo privileges.
And just as an example, if you enter the wrong command, nothing bad happens:
The command just tells you that this particular group does not exist, so it doesn't do anything (no changes).
You can check out this blog if you want to find out more about how to add, or remove users from certain groups on Linux.
Conclusion
That's about it for granting users sudo privileges on Linux. In most cases it's just a matter of adding those users to the special groups that were mentioned, "sudo", or "wheel".
If you want to learn more about Linux we have courses both for beginners, and for intermediate users, so pick whatever interests you from this collection:
Discussion