How to Add Users and Manage sudo Privileges in Ubuntu: A Complete Beginner-Friendly Guide

1 1. Introduction
2 2. Basic Methods for Adding Users
- 2.1 The Difference Between adduser and useradd
  - 2.1.1 The adduser Command
  - 2.1.2 The useradd Command
- 2.2 Choosing Between adduser and useradd
3 3. How to Grant sudo Privileges
4 　
5 4. Verifying sudo Settings and Security Considerations
- 5.1 How to Check sudo Privileges
  - 5.1.1 Using sudo -l
- 5.2 Security Best Practices
6 5. Frequently Asked Questions
7 6. Summary

1. Introduction

Why Manage Users in Ubuntu?

When using Ubuntu or other Linux-based operating systems, situations often arise where you need to add multiple users to the system and assign different permissions to each of them.
For example, when sharing a single PC at home or in the workplace, separating logins for each user allows individual management of files and settings. This helps maintain privacy and prevents potential system issues.

Additionally, by restricting the available features and allowed operations based on the user, you can enhance the overall security of the system.
In particular, Linux is widely used as a server OS in many companies. Server administrators grant administrator privileges only to necessary users and assign standard privileges to others, reducing the risk of system failures caused by unintended operations.

The Importance and Purpose of sudo Privileges

In Ubuntu, the sudo (superuser do) command is used to perform operations that require administrator privileges.
This command temporarily grants administrative rights. General users are not allowed unrestricted system-wide operations; instead, the administrator can define what actions are permitted when elevated privileges are required.

By having sudo privileges, users can perform tasks such as the following:

Installing or removing software
Running system updates
Changing network settings
Adding or removing users and groups

These operations directly affect the core of the system. Incorrect commands may delete important files or introduce security vulnerabilities.
Therefore, sudo privileges must be carefully managed, and only necessary users should be granted access.

Purpose of This Article

This article clearly explains how to add new users in Ubuntu and how to grant those users sudo privileges.
It also covers best practices for managing users with sudo access and highlights important considerations to keep your system secure.

2. Basic Methods for Adding Users

The Difference Between adduser and useradd

To create a new user in Ubuntu, you primarily use one of two commands: adduser or useradd.
Both are used to add users, but their behavior differs slightly, so understanding their characteristics will help you choose the right one.

The adduser Command

The adduser command is the recommended way to add new users in Ubuntu.
It is a higher-level tool compared to useradd, automatically creating a home directory and handling initial configuration.
It also guides users through a simple interactive process, making it beginner-friendly. Here is a basic usage example:

sudo adduser username

After running this command, you will be prompted to enter additional information such as:

Full name
Work and home phone numbers
Other notes

Once the information is entered, the system creates the user’s home directory and completes the basic configuration automatically.

The useradd Command

The useradd command allows more granular control when creating users and is suited for advanced use cases.
It does not automatically configure the environment, so you must specify options to create components like the home directory. Here is an example:

sudo useradd -m username

The -m option creates the user’s home directory. Compared to adduser, useradd is more suitable for automated scripts and scenarios requiring detailed configuration.

Choosing Between adduser and useradd

In most Ubuntu environments, adduser is recommended for quickly adding users. However, useradd is ideal for system administrators or scripts that require fine-grained control.
Understanding the differences will help you manage Ubuntu users effectively.

3. How to Grant sudo Privileges

Adding a User to the sudo Group

In Ubuntu, the standard method for granting administrative privileges is to add a user to the sudo group.
Members of this group can temporarily borrow administrator privileges to execute privileged operations such as configuration changes or software installations.

Command to Add a User to the sudo Group

Using the usermod Command
Run the following command to add a user to the sudo group:

sudo usermod -aG sudo username

The user must log out and log back in for the change to take effect.

Using the gpasswd Command
Another method is to use gpasswd to add the user to the group:

sudo gpasswd -a username sudo

Editing the sudoers File

You can also grant sudo privileges by directly editing the sudoers file.
This file defines which users can execute sudo commands and allows fine-grained privilege control.

Why Use visudo?
Use the visudo command when editing the sudoers file to prevent syntax errors:

sudo visudo

Example of Editing sudoers
Add a line like the following to grant sudo privileges to a specific user:

username ALL=(ALL:ALL) ALL

Allowing Only Specific Commands
You can restrict sudo privileges to allow only certain commands:

testuser ALL=(ALL) /usr/bin/apt

Verifying sudo Privileges

After granting sudo privileges, verify the settings using this command:

sudo -l

4. Verifying sudo Settings and Security Considerations

How to Check sudo Privileges

It is essential to confirm that sudo privileges are correctly applied after configuration.
Because sudo users can perform system-wide operations, verifying these settings helps prevent serious mistakes.

Using sudo -l

Use the following command to list available sudo operations:

sudo -l

If the output shows ALL, the user has access to all sudo commands.

Security Best Practices

When assigning sudo privileges in Ubuntu, consider the following guidelines to maintain security:

Grant Only Necessary Privileges

Limit sudo access to essential users only, reducing the risk of system misuse.

Manage and Back Up the sudoers File

Even though visudo prevents syntax errors, backing up the file before editing adds an extra layer of safety.

Review sudo Usage History

Check the sudo operation history using:

sudo cat /var/log/auth.log | grep sudo

Review Privileges Regularly

As more users gain sudo access, security risks increase. Periodically review and update permissions to keep the system safe.

5. Frequently Asked Questions

sudo Group Settings Not Applied?

If sudo privileges do not apply immediately after adding a user to the group, log out and log back in to activate the changes.

If issues persist, verify group membership using the id command:

id username

How to Remove sudo Privileges

To revoke sudo access, remove the user from the sudo group:

sudo gpasswd -d username sudo

Adding Users to Multiple Groups

You can assign multiple group memberships at once:

sudo usermod -aG group1,group2 username

Allow sudo Only for Specific Commands

Limit sudo access to specific commands using the sudoers file:

username ALL=(ALL) /usr/bin/apt

6. Summary

This article explained how to manage users and permissions in Ubuntu.
Properly adding users and assigning sudo privileges are essential system administration skills.
By keeping the following points in mind, you can improve system security and efficiency:

Choosing the Right User Creation Command
Use adduser for general user creation and useradd for advanced configurations.
Assigning and Verifying sudo Privileges
Add users to the sudo group or edit the sudoers file to grant restricted or full administrative access.
Maintaining Security
Grant access only when necessary and regularly review privileges to keep the system secure.

Mastering these basic techniques will help you operate Ubuntu safely and efficiently.
Use this knowledge to maintain a stable and secure system environment.