So far I have found four different ways to add a user to the sudoers group and not all methods work in all systems.
Why so many different implementations?
What is the best?
What is the standard (i.e. work in most systems)?
Different implementations:
- Adding the user to the 'wheel' group.
- Adding the user to the 'sudo' group.
- Editing the file /etc/sudoers
- Editing the file /etc/sudoers using visudo
Best Answer
There are two (main) ways you can authorize a user to run commands as root via sudo:
The way to declare “Alice is a sysadmin” is to make her a member of the sysadmins group, but there is no standard name for the sysadmins group (nor any obligation that there is a sysadmins group). Some traditional Unix systems have a group called
wheel
, but often being in the wheel group is only a prerequisite for becoming root, and the user must also know the root password and runsu
(that's how BSD uses it, in particular). Some distributions, such as Ubuntu and Debian, include a group calledsudo
and a rule “members of the groupsudo
may run command as root” in their default configuration.If
/etc/sudoers
(or a file in/etc/sudoers.d
) contains a line like%sudo ALL=(ALL:ALL) ALL
, then you can make a user a sudoer by adding them to thesudo
group (adduser alice sudo
). The namesudo
isn't magical, you just have to match the entry in/etc/sudoers
.Never edit
/etc/sudoers
(or a file under/etc/sudoers.d
) directly: if you make a syntax error, you would lock yourself out of root access. Always usevisudo
to edit that file. To choose the editor thatvisudo
runs, set theVISUAL
environment variable (orEDITOR
, as long asVISUAL
is unset). On a multiuser machine, usingvisudo
has the additional advantage that it takes care of locking in case two administrators edit the file at the same time.