On most Linux systems, regular users can’t run administrative commands by default. To allow a user to run those commands, you add them to the sudo group — or define specific permissions directly in the sudoers file. Both methods work, but they serve different purposes.
Two Ways to Add a User to Sudo in Linux
There are two approaches: adding the user to the sudo group (on Debian/Ubuntu) or the wheel group (on RHEL/CentOS/Fedora), or editing the /etc/sudoers file directly for more controlled access. The group method is faster and covers most use cases.
On Debian-based systems, any user in the sudo group can run commands as root. On RHEL-based systems, that group is called wheel. The underlying mechanism is the same.
How to Add an Existing User to the Sudo Group
If the user account already exists, one command is all it takes. Run this as root or as another user with sudo access:
usermod -aG sudo usernameReplace username with the actual account name. The -aG flag appends the user to the group without removing existing group memberships. On RHEL, CentOS, or Fedora, swap sudo for wheel:
usermod -aG wheel usernameThe usermod command modifies the system account files immediately, but the change only takes effect after the user logs out and back in — or starts a new login shell with su - username.
Verify the User Was Added
Run this to confirm group membership:
groups usernameIf sudo (or wheel) appears in the output, the user has sudo access. You can also test it by switching to that user and running a privileged command:
su - username
sudo ls /rootThe first sudo use in a session will prompt for the user’s own password, not the root password.
How to Create a New User with Sudo Access in Linux
To create a fresh account and grant it sudo privileges at the same time, run adduser first, then add it to the group:
adduser newusername
usermod -aG sudo newusernameThe adduser command walks through an interactive setup — it prompts for a password, name, and other optional details. All of those extra fields can be skipped by pressing Enter.
If you want a less interactive approach, useradd does the same job without the prompts, but you’ll need to set a password manually with passwd newusername afterward.
How to Add a User to Sudoers File Directly
For more granular control — like restricting a user to specific commands — edit the sudoers file instead of using the group. Always use visudo for this. It validates syntax before saving, which prevents a broken file from locking everyone out of sudo entirely.
sudo visudoTo grant full sudo access, add this line at the end of the file:
username ALL=(ALL:ALL) ALLThe visudo utility checks for parse errors automatically. A typo in /etc/sudoers without visudo can break sudo access for every user on the system.
Grant Access to Specific Commands Only
To limit a user to particular commands rather than full root access, define only the commands they need:
username ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx, /usr/bin/apt updateThis gives that user permission to restart nginx and run apt updates without a password, while blocking everything else. Use absolute paths to the commands — relative paths can be bypassed.
Using /etc/sudoers.d/ for Cleaner Configuration
Rather than editing the main sudoers file, drop a separate config file in /etc/sudoers.d/. This keeps your changes isolated and easier to remove:
sudo visudo -f /etc/sudoers.d/usernameFiles in this directory get processed after the main file, so they take priority. The filename cannot contain a period or end with a tilde.
Sudo Group vs. Wheel Group in Linux
| Distribution | Group Name | Command |
|---|---|---|
| Ubuntu, Debian, Mint | sudo | usermod -aG sudo username |
| RHEL, CentOS, Fedora, Rocky | wheel | usermod -aG wheel username |
| Arch Linux | wheel | usermod -aG wheel username |
If you’re not sure which group your system uses, check whether sudo or wheel exists with getent group sudo and getent group wheel. One will return output; the other will return nothing. You can try both — adding to a non-existent group will fail without affecting the system.
How to Remove Sudo Access from a User in Linux
To revoke sudo privileges, remove the user from the group:
sudo deluser username sudoOn RHEL-based systems:
sudo gpasswd -d username wheelAfter removal, also check /etc/sudoers and /etc/sudoers.d/ for any direct entries that might still grant access. A user removed from the group but with a remaining sudoers entry will keep their privileges.
Common Errors When Adding a User to Sudo
“user is not in the sudoers file”
This means the user hasn’t been added to the group yet, or the group change hasn’t taken effect. Log out and back in after running usermod. If that doesn’t help, check whether the sudo package is installed — some minimal Linux installs don’t include it. Install it as root with apt install sudo or dnf install sudo.
Group change not taking effect
Group membership updates only apply to new login sessions. If the user is still logged in, they need to either log out and back in, or run su - username to start a fresh login shell.
Syntax error in sudoers file
If you edited /etc/sudoers without visudo and introduced a syntax error, you can recover using pkexec visudo to re-open and fix the file without needing sudo itself.
FAQs
How do I add a user to sudo in Linux?
Run usermod -aG sudo username as root or another sudo user. On RHEL-based systems, replace sudo with wheel. The user must log out and back in for the change to take effect.
What is the difference between the sudo group and the sudoers file?
The sudo group grants full administrative access to all its members. The sudoers file (/etc/sudoers) lets you define per-user rules — including which commands they can run, on which hosts, and whether a password is required.
Do I need to restart the system after adding a user to sudo?
No system restart is needed. The user just needs to log out and log back in, or start a new login shell with su - username, for the group membership change to take effect.
How do I add a user to sudo without editing the sudoers file?
Use usermod -aG sudo username. This adds the user to the pre-existing sudo group, which is already configured in /etc/sudoers to grant full sudo access — no manual file editing required.
How do I check if a user has sudo access in Linux?
Run groups username to see group memberships, or run sudo -l -U username as root to list all sudo permissions defined for that user in the sudoers configuration.
