Search our site for answers
Help Docs Server Administration Linux Server Administration Add Users and Grant Root Privileges in Linux

Add Users and Grant Root Privileges in Linux

This guide walks you through adding a new user on a Linux server, setting their password, and granting `sudo` privileges from the command line.
Hosting LAMP Stack Server Management Website Management
4 min read

Introduction

Adding users allows multiple people to log in and work on the server while letting you control their permissions and track changes.

Control Panels

If your server uses a control panel such as cPanel, Plesk, or InterWorx, the best practice is to create users through the panel rather than the command line. This ensures that all required settings, permissions, and directories are configured automatically. For step-by-step instructions, see our guides for cPanel, Plesk, and InterWorx.

Prerequisites

Add a New Linux User

  1. Log into your server as root using your terminal program of choice. If you haven’t logged into your server via SSH before, see Logging into Your Server via Secure Shell (SSH).
  2. Run the command below, make sure to switch “newuser” with your desired username.
adduser newuser

adduser usage
  • Run as root or with sudo to create users.
  • Use descriptive and unique usernames (e.g., jdoe, dbadmin).
  • Keep usernames lowercase with no spaces.
  • To check if a user already exists, run the command: id username
  • By default, a home directory is created for the new user (e.g., /home/newuser).
  • To set a custom home directory, specify that with the –home flag: adduser –home /custom/path newuser
  • To set a specific shell, use the –shell flag: adduser –shell /bin/zsh newuser
  • On some distros, useradd is the alternative low-level command

Update User Password

  1. Run the command below to update the password for the newly created user. When setting a new password, the system will not show what you are typing, this is expected.
passwd newuser

passwd usage
  • Run as root or with sudo to set another user’s password.
  • Command format: passwd username (e.g., passwd newuser).
  • Password input is hidden (nothing appears while typing).
  • Enforce strong passwords — many systems check for length & complexity.
  • Use passwd -l username to lock an account.
  • Use passwd -u username to unlock an account.

Resetting your own password
Running the passwd command without a username, will change your own password.

Grant Root Privileges via Sudo

Elevated privileges
Root privileges allow a user to make any changes they want to the server. Only grant these privileges when absolutely necessary!

Allowing a user to have root privileges means that the user can do anything they want in the server. It is recommended to limit those that have root privileges. We highly recommend giving users access only to the folders and files they need for their work. This is a great security practice, as it helps prevent them from accidentally deleting or changing critical system files.

  1. Grant users the ability to run elevated “root” level commands via sudo by editing the sudo users file. Begin by using the command below.
visudo

  1. Once in this file we will need to search for this line below.
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

  1. Add your new user to this list by typing the letter “i” to insert text. Be sure to add this line below “root ALL=(ALL) ALL”,  replacing ‘newuser’ with the username of who you want to have sudo privileges.
newuser ALL=(ALL) ALL

  1. To finish adding your user to the file, hit the Esc key and then type
:wq

visudo usage

While you can safely edit the sudoers file, check for syntax errors before saving.

Instead of listing users individually, you can add them to the wheel group (on RHEL/CentOS/AlmaLinux) or the sudo group (on Debian/Ubuntu):

usermod -aG wheel newuser     # RHEL-based
usermod -aG sudo newuser      # Debian/Ubuntu

To confirm a user’s group membership run:

groups newuser

Troubleshooting & FAQs

Make sure the user was added to the sudoers file correctly. Run visudo and confirm there’s a line like:

newuser ALL=(ALL) ALL

This means the user hasn’t been granted sudo privileges. Double-check your visudo changes and save again with :wq.

It’s best practice to log in as a normal user and elevate privileges with sudo. This improves security and ensures command usage is logged.

You must fix the sudoers file by logging in as root via SSH (if available) or booting into single-user/recovery mode to correct the syntax. Always use visudo, since it checks syntax before saving.

Was this article helpful?