Adding a new sudoer

I'm trying to give sudo rights to another user on my laptop. I've found the instructions for how to enter visudo and what syntax to use (that took a ridiculous amount of googling, but that's another story).

The trouble is, I can't see my username there at all, so I can't copy the rights I have (which I was hoping to do).

The admin group rights are commented out, and the sudo group rights are also commented out. So there aren't any groups with sudo rights.

I see an include - 'sudoers.d', but I don't want to risk opening that to read it in case it's as vulnerable to errors as 'sudoers'. I gather from looking at some of the other questions here though, that it contains another group 'wheel', which may have sudo rights. But then I saw this comment on one of the threads: "Generally, new users are added to the wheel group on manjaro", which suggests 'wheel' is assigned to all new users and so wouldn't cover what I'm trying to do.

Anyway, I'd appreciate it if someone could clear up my confusion.

  1. Why is my username not in sudoers? What is the purpose of the sudoers.d additional include which I presume contains my username?

  2. Why do most (if not all) guides suggest using USER_NAME ALL=(ALL) ALL (for example the Arch 'sudo' page), when that's not even how the main admin user is enabled?

  3. What is the difference between adding a user via USER_NAME ALL=(ALL) ALL (which seems much more prone to error, and yet is the default advice) and adding a user to the 'wheel'/'admin'/'sudo' group, which seems a lot easier and yet is always demoted to "oh, and you could also..." at the end of the page (not even on the Arch page)?

If you're in the wheel group you don't need to be in the sudoers file, since that file usually gives full admin privileges to the wheel group.

sudoers.d is just an include directory, so the sudoers file doesn't get cluttered. This also allows you to add and test custom setups without messing with the original file.

This relates to the syntax of the file and default options/aliases. In this sense, ALL means every option available.

Well, the wheel group exists exactly to avoid messing with the sudoers file, which can be tricky to set up. If all you want is to give full admin rights to a user, then add them to the wheel group; otherwise you need to fine-grain permissions in the sudoers file or select the groups to which the user will belong. This is where custom groups become handy. It is much better to set a custom group with custom rights and then add the required users than to set permissions for each user.

5 Likes
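One way to set up the custom group with custom rights described in the answer above, as an added example that is not from the thread: the group name backupops, the file name prefix 50- and the command path are constructed, and render_dropin and install_dropin are hypothetical helpers. The rule is checked with visudo before it is installed, so a syntax error never reaches /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: sudo rights via a custom group and a validated drop-in.

# Print a sudoers rule letting members of group $1 run only the listed
# commands (absolute paths, no arguments) as root. Rejects any name or
# path containing characters that could change the rule's meaning.
render_dropin() {
    group=$1
    shift
    case $group in
        ''|*[!a-z0-9_-]*) echo "bad group name: $group" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no commands given" >&2; return 1; }
    cmds=
    for c in "$@"; do
        case $c in
            /*) ;;
            *) echo "not an absolute path: $c" >&2; return 1 ;;
        esac
        case $c in
            *[!A-Za-z0-9_./-]*) echo "unsafe character in: $c" >&2; return 1 ;;
        esac
        cmds="${cmds:+$cmds, }$c"
    done
    printf '%%%s ALL=(root) %s\n' "$group" "$cmds"
}

# Run as root: write the rule to a temp file, syntax-check it with
# visudo, and only then install it root-owned with mode 0440.
# The file name has no '.' or '~', which sudo would otherwise skip.
install_dropin() {
    tmp=$(mktemp) || return 1
    render_dropin "$@" > "$tmp" &&
        visudo -cf "$tmp" &&
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/50-$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical sequence as root (constructed names):
#   groupadd backupops
#   usermod -aG backupops USER_NAME
#   sh this_script.sh backupops /usr/bin/rsync
#   sudo -l -U USER_NAME    # lists what USER_NAME may now run
if [ "$#" -ge 2 ]; then
    install_dropin "$@"
fi
```

Group membership changes take effect at the user's next login, so `sudo -l -U USER_NAME` is the quicker check that the rule itself is in place.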

In addition to what mbb wrote:
Check what groups you belong to (wheel is a group) with: groups USER_NAME
Then you can (as already mentioned) simplify some stuff by adding the USER to whatever group (probably wheel).
Or if you have not yet created that user: useradd -m -G users,wheel,WHATEVER_ELSE_GROUPS_YOU_MIGHT_WANT -s /bin/bash USER_NAME
That would create a user named USER_NAME, add it to a few groups and set the default shell to bash - I would recommend something more useful like zsh but that is your choice...

2 Likes

Thanks guys. That's cleared that up. All done.

1 Like
