{"id":16337,"date":"2019-04-04T10:37:47","date_gmt":"2019-04-04T10:37:47","guid":{"rendered":"https:\/\/www.hostinger.com\/tutorials\/?p=16337"},"modified":"2026-03-09T19:19:36","modified_gmt":"2026-03-09T19:19:36","slug":"sudo-and-the-sudoers-file","status":"publish","type":"post","link":"\/ng\/tutorials\/sudo-and-the-sudoers-file","title":{"rendered":"How to edit the sudoers file to obtain and manage root privileges"},"content":{"rendered":"<?xml encoding=\"utf-8\" ?><p>The <strong>sudoers<\/strong> file is a critical configuration file in Linux and Unix-like operating systems that controls user privileges. It defines who can execute commands as the <strong>superuser<\/strong>, providing a secure way to manage administrative rights.<\/p><p>System administrators can configure the <strong>sudoers<\/strong> file to let specific users or groups run commands with elevated privileges, but improper changes can lead to serious security risks or system malfunctions.<\/p><p>In this article, you&rsquo;ll learn how to edit the <strong>sudoers<\/strong> file and manage user privileges safely.<\/p><p>\n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-prerequisites\">Prerequisites<\/h2><p>Before editing the <strong>sudoers<\/strong> file, ensure you have the right tools and access. Below are the essential prerequisites:<\/p><ul class=\"wp-block-list\">\n<li><strong>Linux<\/strong>. The <strong>sudo<\/strong> command and the <strong>sudoers <\/strong>file are used to manage Linux-based systems, such as a <a href=\"\/ng\/tutorials\/what-is-vps-hosting\">virtual private server (VPS)<\/a>. If you don&rsquo;t have one, consider <a href=\"\/ng\/vps-hosting\">getting a VPS plan from Hostinger<\/a>. This way, you can test configurations remotely with administrative permissions.<\/li>\n\n\n\n<li><strong>SSH access<\/strong>. If you work on a VPS, you need <a href=\"\/ng\/tutorials\/ssh-tutorial-how-does-ssh-work\">Secure Shell (SSH)<\/a> access to securely connect and manage the system.<\/li>\n\n\n\n<li><strong>Command-line operations<\/strong>. You will need to use the command-line interface (CLI) to configure the <strong>sudoers<\/strong> file. Ensure you understand <a href=\"\/ng\/tutorials\/linux-commands\">basic Linux commands<\/a> and navigation to avoid mistakes and keep operations smooth.<\/li>\n\n\n\n<li><strong>visudo command<\/strong>. Using <strong>visudo<\/strong> is the safest way to edit the <strong>sudoers<\/strong> file. It typically comes pre-installed on most <a href=\"\/ng\/tutorials\/best-linux-distro\">Linux distributions<\/a>. If <strong>visudo <\/strong>is not available, you can install it with:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo apt install sudo &nbsp; # Debian or Ubuntu<\/pre><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo dnf install sudo &nbsp; # CentOS, Fedora, or Rocky Linux<\/pre><?xml encoding=\"utf-8\" ?><figure class=\"wp-block-image size-large\"><a class=\"hgr-tutorials-cta hgr-tutorials-cta-vps-hosting\" href=\"\/ng\/vps-hosting\" target=\"_blank\" rel=\"noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"300\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/public\" alt=\"\" class=\"wp-image-77934\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=768,fit=scale-down 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure><h2 class=\"wp-block-heading\" id=\"h-understanding-the-sudoers-file\">Understanding the sudoers file<\/h2><p>To safely modify user privileges on a Linux system, you must understand how the <strong>sudoers<\/strong> file works.<\/p><p>This file is located at <strong>\/etc\/sudoers<\/strong> and is used by the system to control which users and groups have <strong>sudo<\/strong> privileges. It specifies who can execute commands as certain users, along with any restrictions and security policies that apply.<\/p><p>The <strong>sudoers<\/strong> file is structured with a specific syntax that must be strictly followed. Here&rsquo;s what a typical rule looks like:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[user] [host] = ([runas_user]) [commands]<\/pre><ul class=\"wp-block-list\">\n<li><strong>[user]<\/strong>. The user or group to which the rule applies.<\/li>\n\n\n\n<li><strong>[host]<\/strong>. The host on which the command can be run &ndash; usually set to <strong>ALL<\/strong>.<\/li>\n\n\n\n<li><strong>([runas_user])<\/strong>. The user as whom the command can be run &ndash; often set to <strong>ALL<\/strong>.<\/li>\n\n\n\n<li><strong>[commands]<\/strong>. The specific commands that the user is allowed to execute.<\/li>\n<\/ul><p>For instance, <strong>john ALL=(ALL:ALL) ALL<\/strong> allows the user <strong>john<\/strong> to execute any command as any user on any host.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-edit-the-sudoers-file\">How to edit the sudoers file<\/h2><p>This section will explain how to edit the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>. To start, open your terminal or an <a href=\"\/ng\/tutorials\/how-to-use-putty-ssh\">SSH client application like PuTTY<\/a>. Hostinger VPS customers can also access their server using our built-in <strong>Browser terminal<\/strong> feature. <\/p><p>To do so, simply open your Hostinger account and go to <strong>VPS &rarr; Manage<\/strong>. Then, click <strong>Browser terminal <\/strong>on the top right corner, and you will log in to your server automatically. <\/p><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"69e1ae2802f36\"}' data-wp-interactive=\"core\/image\" class=\"aligncenter size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1460\" height=\"535\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/public\" alt=\"The Browser terminal button on hPanel\" class=\"wp-image-125795\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=1460,fit=scale-down 1460w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=768,fit=scale-down 768w\" sizes=\"auto, (max-width: 1460px) 100vw, 1460px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>That&rsquo;s it! Now, you can start running commands on your VPS. <\/p><h3 class=\"wp-block-heading\" id=\"h-using-visudo\">Using visudo<\/h3><p>As previously explained, <strong>visudo<\/strong> is the safest and most recommended method for editing <strong>sudoers<\/strong> files in Linux. <strong>visudo<\/strong> locks the file while you edit it, preventing others from making changes and causing conflicts.<\/p><p>Additionally, <strong>visudo<\/strong> provides a safer environment by checking for possible syntax errors before saving changes, minimizing the risk of losing <strong>sudo<\/strong> access entirely or locking yourself out of the system.<\/p><p>Follow these steps to open and navigate the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>:<\/p><ol class=\"wp-block-list\">\n<li>Switch to the <strong>root<\/strong> user and run <strong>visudo<\/strong> with these commands:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo -i\n\nvisudo<\/pre><p>If you don&rsquo;t want to switch to <strong>root<\/strong>, run the command with <strong>sudo<\/strong> permissions:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo visudo<\/pre><p>The above commands will open the <strong>sudoers<\/strong> file with the default terminal editor, either <a href=\"\/ng\/tutorials\/how-to-install-and-use-nano-text-editor\">nano<\/a> or <strong>vim<\/strong>.<\/p><ol start=\"2\" class=\"wp-block-list\">\n<li>Use the arrow keys to navigate the file and make the necessary changes.<\/li>\n<\/ol><p><div class=\"protip\">\n                    <h4 class=\"title\">Pro tip<\/h4>\n                    <p> By default, <strong>visudo<\/strong> opens the <strong>sudoers<\/strong> file with the <strong>vim<\/strong> text editor. However, on Ubuntu, <strong>visudo<\/strong> is configured to use <strong>nano<\/strong> instead. <\/p>\n                <\/div>\n\n\n\n<\/p><h3 class=\"wp-block-heading\" id=\"h-adding-a-user-to-the-sudoers-file\">Adding a user to the sudoers file<\/h3><p>To grant users <strong>sudo<\/strong> privileges, add them to the <strong>sudoers<\/strong> file. This allows users to execute commands with elevated privileges, which is essential for performing Linux administrative tasks.<\/p><p>Here are the instructions:<\/p><ol class=\"wp-block-list\">\n<li>Open the <strong>sudoers<\/strong> file using the same <strong>sudo visudo<\/strong> command.<\/li>\n\n\n\n<li>Add the following line to grant a user named <strong>john<\/strong> full <strong>sudo<\/strong> permissions:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL:ALL) ALL<\/pre><ol start=\"3\" class=\"wp-block-list\">\n<li>You can also add multiple users to the <strong>sudoers<\/strong> file with different permissions tailored to their specific roles, one line per user. For example:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL:ALL) ALL\n\nsteve ALL=(ALL) NOPASSWD: \/usr\/bin\/apt\n\nmary ALL=(ALL:ALL) \/usr\/sbin\/reboot<\/pre><ul class=\"wp-block-list\">\n<li>The first line grants <strong>john<\/strong> full <strong>sudo<\/strong> access, as explained before.<\/li>\n\n\n\n<li>The second one lets <strong>steve<\/strong> execute the <strong>apt<\/strong> command without being prompted for a password.<\/li>\n\n\n\n<li>The third line permits <strong>mary<\/strong> to reboot the system, but they can&rsquo;t perform any other <strong>sudo<\/strong> actions.<\/li>\n<\/ul><h3 class=\"wp-block-heading\" id=\"h-managing-group-permissions\">Managing group permissions<\/h3><p>Managing user permissions individually in the <strong>sudoers<\/strong> file can be time-consuming and prone to errors, especially when dealing with numerous users. A more efficient approach is to manage permissions using the <strong>sudo<\/strong> group.<\/p><p>It&rsquo;s a Linux system group providing all its members administrative access. By default, users in the <strong>sudo<\/strong> group can execute any command with <strong>superuser<\/strong> privileges without needing to edit the <strong>sudoers<\/strong> file for each one.<\/p><p>To add a user to the <strong>sudo<\/strong> group, use the <strong>usermod<\/strong> command with the <strong>-aG<\/strong> option. Here&rsquo;s how to add a user named <strong>john <\/strong>as an example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo usermod -aG sudo john<\/pre><p>After that, refresh the user&rsquo;s group membership to gain administrative privileges by logging out of the current session and then logging back in as the newly added user:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">logout\n\nssh john@your_vps_ip<\/pre><p>If logging out is not convenient, switch to the user&rsquo;s account with an updated session with the <strong>su<\/strong> command and enter the correct password:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">su - john<\/pre><h3 class=\"wp-block-heading\" id=\"h-understanding-common-configuration-options\">Understanding common configuration options<\/h3><p>The <strong>sudoers<\/strong> file offers several configuration options that provide flexibility when managing user and group privileges. Understanding these options helps you set clear and concise rules while reducing errors and conflicts.<\/p><p><strong>Defaults<\/strong><\/p><p>The <strong>Defaults<\/strong> option sets default environment variables and behaviors for <strong>sudo<\/strong> operations. These settings apply globally to all users or can be tailored to specific users or groups. For example, <strong>env_reset<\/strong> clears variables to prevent unauthorized access:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Defaults&nbsp; &nbsp; &nbsp; &nbsp; env_reset<\/pre><p><strong>Cmnd_Alias<\/strong><\/p><p><strong>Cmnd_Alias<\/strong> creates aliases for groups of commands. These are variables that represent multiple commands or paths. For instance, <strong>NETWORK_CMDS<\/strong> groups network-related commands, while <strong>ADMIN_CMDS<\/strong> groups administrative commands:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Cmnd_Alias NETWORK_CMDS = \/sbin\/ifconfig, \/sbin\/ip, \/usr\/sbin\/traceroute\n\nCmnd_Alias ADMIN_CMDS = \/usr\/sbin\/useradd, \/usr\/sbin\/userdel, \/usr\/sbin\/visudo<\/pre><p><strong>Host_Alias<\/strong><\/p><p>This option lists the hosts or systems that can run specified commands. It helps when managing permissions across multiple entries for different hosts. Here&rsquo;s an example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Host_Alias FILE_SERVERS = server1, server2, server3<\/pre><p><strong>User_Alias<\/strong><\/p><p><strong>User_Alias<\/strong> groups multiple users into one alias so you can assign the same privileges to all users in a specific group. In this example, <strong>john<\/strong>, <strong>mary<\/strong>, and <strong>admin<\/strong> are grouped under the alias <strong>ADMINS<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">User_Alias ADMINS = john, mary, admin<\/pre><p><strong>Runas_Alias<\/strong><\/p><p>It specifies which users or groups can be impersonated when running commands. For instance, users can run commands as <strong>root<\/strong> or <strong>operator<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Runas_Alias OP = root, operator<\/pre><p>Here are some practical examples you can follow:<\/p><ul class=\"wp-block-list\">\n<li><strong>Grant specific commands to a group of users<\/strong>. The <strong>ADMINS<\/strong> alias, which includes <strong>john<\/strong> and <strong>mary<\/strong>, can run the commands in <strong>STORAGE_CMDS<\/strong> on all hosts.<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">User_Alias ADMINS = john, mary\n\nCmnd_Alias STORAGE_CMDS = \/bin\/mount, \/bin\/umount\n\nADMINS ALL=(ALL) STORAGE_CMDS<\/pre><ul class=\"wp-block-list\">\n<li><strong>Set up permissions with timeouts<\/strong>. Users running commands under the <strong>NETWORKING<\/strong> alias must re-authenticate after <strong>2<\/strong> minutes.<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Cmnd_Alias NETWORKING = \/sbin\/ifconfig, \/sbin\/ip\n\nDefaults!NETWORKING timestamp_timeout=2<\/pre><ul class=\"wp-block-list\">\n<li><strong>Avoid conflicting values<\/strong>. When creating multiple entries, ensure they don&rsquo;t have clashing values. The example below will conflict, as one requires a password for all commands, while <strong>apt<\/strong> doesn&rsquo;t.&nbsp;<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL) NOPASSWD: \/usr\/bin\/apt\n\njohn ALL=(ALL) PASSWD: ALL<\/pre><h3 class=\"wp-block-heading\" id=\"h-saving-changes\">Saving changes<\/h3><p>After editing the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>, save your changes correctly to ensure they are applied without errors. If you use <strong>nano<\/strong>, press <strong>Ctrl + X &rarr; Y &rarr; Enter<\/strong>. For <strong>vim<\/strong> users, press <strong>Esc<\/strong> to switch to command mode. Then, type <strong>:wq<\/strong> and hit <strong>Enter<\/strong>.<\/p><p>If <strong>visudo<\/strong> detects any syntax errors in the file, it will display a warning message and prompt you to correct them before exiting. Make sure to address any mistakes accordingly.<\/p><p><strong>Testing changes<\/strong><\/p><p>Once you save your changes, test them manually to confirm that the new <strong>sudo<\/strong> configurations work as expected. Make sure to switch to the user whose privileges or configurations you want to verify beforehand:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">su - [username]<\/pre><ul class=\"wp-block-list\">\n<li><strong>Check if the user has the intended privileges<\/strong>. When you add a user to the <strong>sudo<\/strong> group or specify a command alias, run the following command to verify:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo whoami<\/pre><p>If the user has <strong>sudo<\/strong> privileges, the output should be <strong>root<\/strong>.<\/p><ul class=\"wp-block-list\">\n<li><strong>Test user-specific commands<\/strong>. To confirm that a user alias or specific privileges are configured correctly, use a specific match test:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo -l<\/pre><p>This command lists the <strong>sudo<\/strong> privileges available to the user.<\/p><ul class=\"wp-block-list\">\n<li><strong>Check group permissions<\/strong>. After adding users to the <strong>sudo<\/strong> or other admin groups, ensure they have the correct permissions by running a privileged command:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo ls \/root<\/pre><p>Confirm whether the command runs successfully.<\/p><ul class=\"wp-block-list\">\n<li><strong>Verify alias definitions<\/strong>. First, open the <strong>sudoers<\/strong> file to see how the alias is defined. Then, run a command within that alias. For example, if you set <strong>\/sbin\/ifconfig<\/strong> within <strong>NETWORKING<\/strong>, execute:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo \/sbin\/ifconfig<\/pre><h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2><p>Editing the <strong>sudoers<\/strong> file is a powerful way to manage user privileges on a Linux system. However, it requires careful handling to avoid errors that may lead to security risks or loss of access.<\/p><p>In this article, you&rsquo;ve learned how to safely edit the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>, add users with specific privileges, manage group permissions, and understand common configuration options like <strong>Defaults<\/strong> and aliases.<\/p><p>Remember to always double-check your configurations and test them with commands such as <strong>sudo whoami<\/strong>, <strong>sudo -l<\/strong>, and <strong>sudo ls \/root<\/strong> to ensure they work as expected and maintain a stable system for all users.<\/p><h2 class=\"wp-block-heading\" id=\"h-sudoers-file-faq\">Sudoers file FAQ<\/h2><div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1726156477192\"><h3 class=\"schema-faq-question\">What is the purpose of the sudoers file?<\/h3> <p class=\"schema-faq-answer\">The sudoers file controls user permissions for executing commands as root or another user. It defines who can use <strong>sudo<\/strong> and under what conditions, enhancing security by managing administrative access.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156481745\"><h3 class=\"schema-faq-question\">Where is the sudoers file located?<\/h3> <p class=\"schema-faq-answer\">The sudoers file is located at <strong>\/etc\/sudoers<\/strong> on most Linux systems. It&rsquo;s a system-wide file that should not be moved or renamed. For more granular control, add specific configuration files in the <strong>\/etc\/sudoers.d<\/strong> directory, which <strong>sudo<\/strong> reads as main file extensions.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156487212\"><h3 class=\"schema-faq-question\">How do I open and edit the sudoers file?<\/h3> <p class=\"schema-faq-answer\">Use the <strong>visudo<\/strong> command to open and edit the <strong>sudoers<\/strong> file safely. It provides a secure editing environment by preventing multiple users from editing the file simultaneously, reducing the risk of conflicts and syntax errors.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156493087\"><h3 class=\"schema-faq-question\">Can I modify the sudoers file using a text editor?<\/h3> <p class=\"schema-faq-answer\">Directly editing the <strong>sudoers<\/strong> file with a regular text editor is not recommended, as mistakes may compromise your system. Instead, use <strong>visudo<\/strong>, which locks the file and checks for errors before saving any changes.<\/p> <\/div> <\/div><p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The sudoers file is a critical configuration file in Linux and Unix-like operating systems that controls user privileges. It defines who can execute commands as the superuser, providing a secure way to manage administrative rights. System administrators can configure the sudoers file to let specific users or groups run commands with elevated privileges, but improper [&#8230;]<\/p>\n<p><a class=\"btn btn-secondary understrap-read-more-link\" href=\"\/ng\/tutorials\/sudo-and-the-sudoers-file\">Read More&#8230;<\/a><\/p>\n","protected":false},"author":411,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"How to edit the sudoers file in Linux","rank_math_description":"The sudoers file configures the sudo command, enabling authorized users to execute commands as another user. Read this article to learn more.","rank_math_focus_keyword":"sudoers file","footnotes":""},"categories":[22644],"tags":[],"class_list":["post-16337","post","type-post","status-publish","format-standard","hentry","category-vps"],"hreflangs":[{"locale":"en-US","link":"https:\/\/www.hostinger.com\/tutorials\/sudo-and-the-sudoers-file","default":0},{"locale":"es-ES","link":"https:\/\/www.hostinger.com\/es\/tutoriales\/usar-comando-sudo-y-archivo-sudo","default":0},{"locale":"id-ID","link":"https:\/\/www.hostinger.com\/id\/tutorial\/sudo","default":0},{"locale":"en-UK","link":"https:\/\/www.hostinger.com\/uk\/tutorials\/sudo-and-the-sudoers-file","default":0},{"locale":"en-MY","link":"https:\/\/www.hostinger.com\/my\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-PH","link":"https:\/\/www.hostinger.com\/ph\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"es-MX","link":"https:\/\/www.hostinger.com\/mx\/tutoriales\/usar-comando-sudo-y-archivo-sudo","default":0},{"locale":"es-CO","link":"https:\/\/www.hostinger.com\/co\/tutoriales\/usar-comando-sudo-y-archivo-sudo","default":0},{"locale":"es-AR","link":"https:\/\/www.hostinger.com\/ar\/tutoriales\/usar-comando-sudo-y-archivo-sudo","default":0},{"locale":"en-IN","link":"https:\/\/www.hostinger.com\/in\/tutorials\/sudo-and-the-sudoers-file","default":0},{"locale":"en-CA","link":"https:\/\/www.hostinger.com\/ca\/tutorials\/sudo-and-the-sudoers-file","default":0},{"locale":"en-AU","link":"https:\/\/www.hostinger.com\/au\/tutorials\/sudo-and-the-sudoers-file","default":0},{"locale":"en-NG","link":"https:\/\/www.hostinger.com\/ng\/tutorials\/sudo-and-the-sudoers-file","default":0}],"_links":{"self":[{"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/posts\/16337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/users\/411"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/comments?post=16337"}],"version-history":[{"count":23,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/posts\/16337\/revisions"}],"predecessor-version":[{"id":145063,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/posts\/16337\/revisions\/145063"}],"wp:attachment":[{"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/media?parent=16337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/categories?post=16337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostinger.com\/ng\/tutorials\/wp-json\/wp\/v2\/tags?post=16337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}