How to Create a New Sudo-Enabled User on Ubuntu Safely

How to Create a New Sudo-Enabled User on Ubuntu Safely

When you’re managing a server, sooner or later you need another user who can run admin commands without sharing the root password. That’s where a sudo-enabled user comes in.

This guide walks you through creating a new user with sudo access on Ubuntu, using the built-in sudo group. No manual editing of /etc/sudoers needed.

Who This Helps and What We’re Doing

This is for you if:

  • You have an Ubuntu server or VPS.
  • You’re currently logging in as root, or you only have one admin user.
  • You want to safely give someone (or yourself) admin rights without breaking the system.

We’ll go through four simple steps:

  1. Log in as root or an existing sudo user.
  2. Create a new user.
  3. Add that user to the sudo group.
  4. Test and verify sudo access.

We’ll also touch a bit on:

  • Why sudo is safer than using root directly.
  • Why you normally shouldn’t touch /etc/sudoers for this.
  • Service accounts that should not have shell access.

Step 1: Log in as Root or an Existing Sudo User

Before you can give someone sudo permissions, you need to already have admin rights yourself.

You should be logged in as one of these:

  • The root user.
  • A user that already has sudo access.

If you’re on a fresh server, many providers give you a root login by default. If you’re already using sudo on another user, that’s even better—stick with that one to avoid using root more than necessary.

Why this matters: Only users with administrative rights can create new users and manage group membership.

Step 2: Create the New User

Now we’ll create a normal user account. On Ubuntu, this is done with adduser.

From your terminal, run:

adduser newusername

Replace newusername with the actual username you want to use.

Ubuntu will walk you through:

  • Setting a password for the new user.
  • Optionally filling in some user info (you can usually just press Enter to skip those).

Why this matters: You first create a regular user account. By default, this user has no admin rights yet—this keeps things safer and more controlled.

Note: If you already have a user that you want to give sudo access to, you can skip this step and go straight to adding them to the sudo group.

Step 3: Add the User to the sudo Group

On Ubuntu, sudo access is controlled by group membership. Users in the sudo group automatically get full administrative privileges.

That means you usually don’t need to edit /etc/sudoers at all.

To add your user to the sudo group, run:

usermod -aG sudo newusername
  • usermod changes user settings.
  • -aG means “append this user to the following group(s)”.
  • sudo is the group that has sudo privileges on Ubuntu.

Why this matters: Group-based access is cleaner and safer than hand-editing sudoers. Ubuntu is already configured so that the sudo group has full admin rights.

Step 4: Verify the User’s Sudo Access

Now let’s make sure everything actually works.

First, switch to the new user:

su - newusername

The - loads the user’s full environment. Once you’re in, run a simple sudo test command—something harmless but privileged, like updating the package list:

sudo whoami

or:

sudo ls /root
  • When prompted, enter the new user’s password (not root’s password).
  • If sudo is set up correctly, the command should run and not give you a permission error.

sudo whoami should output:

root

Why this matters: Testing immediately confirms that the user is properly configured and can use sudo without touching system configs any further.

Understanding sudo vs su (So You Don’t Get Confused Later)

You’ll often see both sudo and su used when people talk about Linux admin work. They are not the same thing.

  • sudo runs a single command with elevated privileges.
  • su switches your shell to another user, often to root.

Key differences:

  • sudo uses the current user’s password and can be logged and audited.
  • su uses the target user’s password (for example, root’s password) and gives you a full session as that user.

This is why modern systems lean heavily on sudo:

  • You don’t have to share the root password with anyone.
  • Each admin uses their own account and password.

And since Ubuntu links admin rights to the sudo group, once your user is in that group, you can run commands like:

sudo apt update
sudo systemctl restart some-service

…without ever logging in as root directly.

Service Accounts and No-Login Users

Not every user on your system should be able to log in and run commands.

For things like automation or system services, it’s common to have service accounts that exist only for a specific purpose, not for human login.

For these accounts, you don’t want interactive shell access. Instead of using a normal shell like /bin/bash, they can be created with a non-login shell such as:

  • /usr/sbin/nologin
  • /bin/false

Why this matters: Preventing interactive logins for service accounts improves security. These users can still be used by services or scripts, but nobody can just SSH in and start running commands as them.

Security Tip: Use the Principle of Least Privilege

Giving someone full sudo access is powerful. That user can basically act as root whenever they want.

The Principle of Least Privilege says: only give the minimum access needed.

So:

  • Don’t add users to the sudo group unless they truly need admin rights.
  • If someone only needs to run a very small set of commands, consider whether they really need full sudo at all.

On Ubuntu, using the sudo group is usually enough for admin users, and you avoid the danger of manually editing /etc/sudoers unless you have a very specific reason.

Quick Recap

To create a new sudo-enabled user on Ubuntu without touching /etc/sudoers:

  1. Log in as root or an existing sudo user.
  2. Create the user:
    bash
    adduser newusername
  3. Add the user to the sudo group:
    bash
    usermod -aG sudo newusername
  4. Test sudo access:
    bash
    su - newusername
    sudo whoami

If that prints root after you enter the new user’s password, you’re done.

Need more help? Check the latest CrushEdge posts.

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.