How To Give a Linux User Root-level Access Using sudo

Reading Time: 2 minutes

Linux has a robust permissions system. This is a very good thing, as it enables a clear separation of roles among users, especially between the root user and your average user. Sometimes, though, you might want your average user to have some or all of root's privileges. In Linux, this is accomplished with sudo.

Just How Would I Use sudo Anyway?

In most cases, one simply adds "sudo" in front of a command that needs root privileges. For example, a normal user (here called "example") is not ordinarily able to restart services from the command line: [~]# /etc/init.d/httpd restart
/etc/init.d/httpd: line 15: ulimit: open files: cannot modify limit: Operation not permitted
/etc/init.d/httpd: line 16: ulimit: open files: cannot modify limit: Operation not permitted
/etc/init.d/httpd: line 17: ulimit: open files: cannot modify limit: Operation not permitted
httpd: Could not open configuration file /usr/local/apache/conf/httpd.conf: Permission denied [~]#

If the user had sufficient sudo privileges, he would be able to do so like this: [~]# sudo /etc/init.d/httpd restart [~]#

So How Do I Give a User sudo Access?

In order to give an average user sudo access, you must run the following command as root:

root@host [~]# visudo

This will open the sudoers file in the vi editor. In order to give the user full root privileges, add the following line to the file:

example ALL=(ALL) ALL

If you only want a user to run certain commands as root, you can create a command alias in your sudoers file, like so:

User_Alias ADMINS = example
Cmnd_Alias HTTPD = /etc/init.d/httpd

User_Alias creates a group of users that you can then assign command aliases to. (Additional users can be listed on the same line, separated by commas.) Cmnd_Alias then lists the various commands that the users of that Alias can run. The user alias is then assigned the command alias. The example user is now able to run the apache init script with full root privileges, which allows him to start, stop, and restart apache.

With this configuration, the user will have to type in his own password when he wishes to run sudo. If you don't need the user to type a password every time he runs a sudo command, just replace the last line of the above with:


This should get you started applying sudo privileges to your users. If you have more detailed needs, the man page for sudo is thorough and readable. The sudoers file has a separate man page that details all the configuration options.

Avatar for Patrick Hawkins

About the Author: Patrick Hawkins

Patrick Hawkins is a former Test Engineer and Managed WordPress admin with Liquid Web

Latest Articles

How to install Puppet Server on Linux (AlmaLinux)

Read Article

Deploying web applications with NGINX HTTP Server

Read Article

Email security best practices for using SPF, DKIM, and DMARC

Read Article

Linux dos2unix command syntax — removing hidden Windows characters from files

Read Article

Change cPanel password from WebHost Manager (WHM)

Read Article