6 Proven Ways to Add Root Permissions to User Linux

Written by

Reviewed by

Last updated: July 11, 2024

Expert verified

SVG Image

TL;DR

To add root permissions to user Linux, follow these steps:

  1. Access your Linux terminal.
  2. Execute sudo visudo to open the sudoers file safely.
  3. Find the user privileges section and add username ALL=(ALL) ALL, replacing username with the actual user’s name.
  4. In nano, press Ctrl+O to save and Ctrl+X to exit.

Gaining full control over your Linux system is essential for tasks like installing new software, managing user accounts, or changing system settings. In this post, I’ll guide you on safely adding root permissions to a user on your Linux system. You’ll learn about root privileges, why they matter, and various methods to grant these permissions. From using the sudo command to directly modifying user permissions, I’ve got you covered. Let’s simplify managing your Linux system.

What Are Root Privileges in Linux?

In Linux, root privileges refer to the highest level of access and permissions granted to a user account. The root user, also known as the superuser, has complete control over the entire system and can perform any administrative task.

Here are some key points about root privileges in Linux:

  1. Unrestricted access: The root user has unrestricted access to all files, directories, and system resources. It can modify system configurations, install or remove software packages, and perform any operation without limitations.
  2. System administration: Root privileges are necessary for performing system administration tasks such as managing user accounts, configuring network settings, updating system packages, and modifying system files.
  3. Executing privileged commands: Certain commands in Linux require root privileges to execute. These commands are typically related to system-wide changes, such as modifying system files, starting or stopping system services, or changing network configurations.
  4. Superuser prompt: When logged in as the root user or using the sudo command to execute commands with root privileges, the command prompt typically changes to a # symbol, indicating that you have superuser privileges.
  5. Potential risks: With great power comes great responsibility. Using root privileges carelessly can lead to system instability, security vulnerabilities, or accidental damage to critical system files. It’s important to use root privileges judiciously and only when necessary.
  6. Sudo command: In many Linux distributions, including Ubuntu, the sudo command is used to temporarily grant root privileges to regular users for executing specific commands. This allows users to perform administrative tasks without logging in as the root user directly.

⚠️ Note: Granting root privileges to a user should be done with caution, as it gives them complete control over the system. It is recommended to only grant root privileges to trusted users who require it for specific tasks.

How to Add Root Permissions to User Linux?

To add root permissions to user linux, you can follow these steps:

  1. Log in as the root user or use sudo to execute commands with root privileges.
  2. Open a terminal window.
  3. Add the user to the sudo group by running the following command:
   usermod -aG sudo username

Replace username with the actual username of the user you want to give root privileges to.

  1. Verify that the user has been added to the sudo group by running:
   grep '^sudo:' /etc/group

The output should show the sudo group with the user’s username included.

  1. The user now has the ability to run commands with root privileges by prefixing the command with sudo. For example:
   sudo command

The user will be prompted to enter their own password to execute the command with root privileges.

👉 If you also want to learn how to add or delete users in Linux, then explore this detailed guide.

1. Using the sudo Command

The sudo command stands for “superuser do” and allows permitted users to execute a command as the root user or another user, as specified by the security policy. The primary configuration file for sudo is /etc/sudoers, which controls the permissions and levels of access each user or group has. Follow these steps to Linux give user root permissions

  1. Access your Linux Terminal.
open terminal
  1. Run the following command:
sudo visudo

This opens the sudoers file in your default text editor, safeguarded against simultaneous edits and syntax errors.

opening sudoers file
  1. To add a user to the sudoers file find the section for user privileges and then add
username ALL=(ALL) ALL

It will grant a user full sudo access. Replace the username with the actual user’s name.

adding user in the sudoers file
  1. Use the save command for your editor. For the nano editor, save the changes by pressing Ctrl+O and exit the editor by pressing Ctrl+X.
saving the changes and exiting

2. The su Command

The su (switch user) command is used to switch the current user context to another user’s environment, including the root user. Here is how to add root privileges to a user Linux:

  1. Launch your terminal.
  2. Switch to the root user by running the following command:
sudo su -

Your environment changes to the root user’s.

switching to root user
  1. Type exit to revert to your original user.
exiting from root user

3. Usermod Command

The usermod command is used to modify a user’s system account. One common use is to add a user to the root group, granting them additional permissions. Here is the step-by-step guide to assign root privileges to user in Linux:

  1. Launch your Terminal application.
  2. To add a user to the root group execute the command: 
sudo usermod -aG root username

Replace the username with the actual user’s name. The -aG option adds the user to the specified group.

adding user to root group
  1. Verify it by running this command: 
grep '^root:' /etc/group

It will show whether the user is added to the group or not.

verifying the user root group

4. Adding User to the wheel Group

The wheel group is a special user group in Linux systems that allows its members to execute administrative tasks typically reserved for the root user. By adding a user to the wheel group, you can grant them elevated privileges without giving them full root access. 

  1. Most Linux distributions have the wheel group pre-configured. To verify its existence, use the following command:
getent group wheel

If the group exists, this command will return details about the wheel group. If not, you may need to create it (though this is rare).

checking the existence of wheel group
  1. Use the usermod command to add a user to the ‘wheel’ group. Replace username with the actual username you want to add.
sudo usermod -aG wheel username

The -aG option appends the user to the specified group without removing them from any existing groups.

adding specific user to wheel group
  1. After adding the user to the ‘wheel’ group, verify the change with:
groups username

This command will list all groups the user is a member of, and ‘wheel’ should be included.

verifying user has been added to wheel group

5. Modifying User Permissions Directly

Directly modifying the /etc/passwd file to grant root access is a method that involves changing the user ID (UID) of a user account to 0, which is the UID reserved for the root user. While this method is straightforward, it carries significant risks, as it grants the user full root privileges, potentially bypassing other security mechanisms.

  1. Before making any changes, create a backup of the /etc/passwd file to avoid accidental misconfigurations.
sudo cp /etc/passwd /etc/passwd.bak
creating backup of etc passwd file
  1. Use a text editor with root privileges to open the /etc/passwd file. For example, using nano:
sudo nano /etc/passwd
opening etc passwd file in nano editor
  1. Find the line corresponding to the user you want to grant root privileges. A typical user entry looks like this:
username:x:1000:1000::/home/username:/bin/bash
locate user you want to grant root privileges
  1. Modify the third and fourth fields (UID and GID) to 0. After modification, the line should look like:
username:x:0:0::/home/username:/bin/bash

This change effectively grants the user root privileges.

granting root privileges to user
  1. Save your changes and exit the editor. In nano, you can do this by pressing CTRL+X, then Y to confirm saving changes, and Enter to exit.
saving and exiting the etc passwd file
  1. Switch to the user account and verify root privileges by executing a command that requires root access:
su - username

whoami

The command whoami should return root, indicating that the user now has root privileges.

verifying that the root privileges are granted

6. Temporary Root Access with pkexec

pkexec allows an authorized user to execute programs as another user, notably the root user, based on the Polkit (PolicyKit) configuration. Unlike sudo, pkexec adheres to policy rules defined in Polkit rather than the /etc/sudoers file. Follow these steps to give root privileges to user Linux:

  1. Open your terminal.
  2. Check if Polkit is installed by typing the command: 
pkexec --version

If you see version information, Polkit is installed. 

verifying installed version of polkit
  1. If not, proceed to install it using your package manager (e.g., sudo apt install policykit-1 for Debian/Ubuntu).
  2. Create a new policy file for your rule. To do so: 
sudo nano /etc/polkit-1/rules.d/10-my-temporary-root-access.rules
  1. Enter the password to proceed.
  1. For granting root access for specific actions, write:
if (action.id == "org.freedesktop.policykit.exec" &&
    subject.user == "yourUsername") {
    return polkit.result.YES;
}

Replace yourUsername with the actual username. This rule allows the specified user to execute commands as root.

defining policy to grant root access
  1. Run a command with root privileges using pkexec:
pkexec visudo

This opens the sudoers file as root, allowing you to edit it.

using polkit as a root privileges
  1. If prompted, authenticate with your user password or according to any configured Polkit authentication method.
authenticating to open file

7 Best Practices for Managing Root Access

Properly managing root access is crucial for maintaining the security and stability of Linux systems. Here are seven best practices to ensure that root privileges are used wisely and securely:

  • 🚫 Limit Root Login: Avoid using the root account for daily operations. Create individual user accounts with specific privileges. This minimizes potential damage from mistakes or malicious actions by limiting access to system-critical functions.
  • 🔑 Use sudo for Privilege Escalation: Utilize sudo to grant users temporary root access for specific tasks. This approach logs all commands, providing an audit trail of root actions, and helps in tracing back any changes or issues.
  • 🛡 Implement Strong Authentication Mechanisms: Enforce strong passwords and consider multi-factor authentication (MFA) for accessing root privileges. Strong authentication mechanisms reduce the risk of unauthorized access.
  • 📜 Regularly Review and Audit Access: Periodically review who has root access and their necessity. Conduct regular audits of root access logs to detect any unauthorized or suspicious activities, ensuring accountability.
  • 🔄 Rotate Credentials Regularly: Change root passwords and SSH keys at defined intervals or after key personnel changes. Regular rotation helps in preventing unauthorized access from old, possibly compromised credentials.
  • 🔐 Limit Remote Root Access: Disable remote root login via SSH to prevent direct access to root over the network. Require users to log in using their non-privileged account and elevate to root locally as needed.
  • 🚦 Implement Least Privilege Principle: Grant users only the permissions necessary for their role. Avoid granting broad root access when more restricted permissions would suffice, minimizing potential damage from errors or malicious actions.

Tools and Utilities for Managing User Permissions

Managing who can do what on your Linux system is very important for keeping it safe and running smoothly. Here are two tools that can help you control user permissions effectively:

1. SELinux (Security-Enhanced Linux)

SELinux is like a security guard for your Linux system. It comes built into some Linux versions and adds extra protection. SELinux uses rules to control how programs and users access files and other resources. Think of it as setting up a list of who can do what on your computer. For example, even if someone is a superuser (like an admin), SELinux can stop them from doing things that could harm your system. It’s great for preventing accidents and stopping hackers.

2. AppArmor

AppArmor is another tool that acts like a security guard, but it’s a bit simpler to use than SELinux. It also comes with some Linux versions. AppArmor focuses on keeping programs in check, making sure they only access files and resources they’re supposed to. This way, even if a program or a user tries to do something they shouldn’t, AppArmor steps in to stop it. It’s like having a personal assistant who makes sure everyone follows the rules in your office.

Give User Root Permissions Linux: Final Thoughts

Granting root privileges in Linux is essential for managing your system’s security and functionality. In this guide, I’ve covered safe methods like the sudo command, su, and the wheel group with step-by-step instructions.

If you want to learn more, I suggest exploring:

  • How to unlock and lock user accounts, which will help you manage user access more effectively and ensure that only authorized users have access to your system.
  • Switching users effectively, which can streamline your administrative tasks by allowing you to quickly change user contexts without logging out.
  • Mastering user group management, giving you a deeper understanding of how to organize users and control permissions, enhancing your overall system security and efficiency.

Frequently Asked Questions

How can I restrict a sudo user to only specific commands?

To restrict a sudo user to specific commands, you must configure the /etc/sudoers file. Using sudo visudo for editing prevents syntax errors. This configuration allows you to precisely define which commands the user is permitted to execute with sudo, ensuring controlled access.

What should I do if I forget the root password?

If you forget the root password, you need to boot into single-user mode or use a live CD. These approaches provide access to system recovery options, allowing you to reset the root password without the need for the original password, thereby regaining access to your system.

Is it possible to track what commands a sudo user executes?

Yes, it’s possible to track commands executed by a sudo user. By default, sudo logs all command activity to /var/log/auth.log or /var/log/secure, depending on your Linux distribution. This logging feature is crucial for monitoring sudo users’ actions for security and auditing purposes.

How do I safely remove root access from a user?

To safely remove root access from a user, you can either edit the /etc/sudoers file to remove specific privileges or use the usermod command to exclude the user from the sudo or root group. This action effectively revokes the user’s ability to perform tasks as the root user.

Can a user with sudo access grant root privileges to another user?

A user with sudo access has the capability to grant root privileges to another user. This can be achieved by editing the /etc/sudoers file or utilizing usermod to add the new user to the sudo or root group, thereby extending root access to them.

Ojash

Author

Ojash is a skilled Linux expert and tech writer with over a decade of experience. He has extensive knowledge of Linux's file system, command-line interface, and software installations. Ojash is also an expert in shell scripting and automation, with experience in Bash, Python, and Perl. He has published numerous articles on Linux in various online publications, making him a valuable resource for both seasoned Linux users and beginners. Ojash is also an active member of the Linux community and participates in Linux forums.

Akshat

Reviewer

Akshat is a software engineer, product designer and the co-founder of Scrutify. He's an experienced Linux professional and the senior editor of this blog. He is also an open-source contributor to many projects on Github and has written several technical guides on Linux. Apart from that, he’s also actively sharing his ideas and tutorials on Medium and Attirer. As the editor of this blog, Akshat brings his wealth of knowledge and experience to provide readers with valuable insights and advice on a wide range of Linux-related topics.

Share this article
Shareable URL
Prev Post

How to Use the Apt Search Command to Search for a Package in Ubuntu [7 Best Uses]

Next Post

How to Create a Systemd Service in Linux? [11 Proven Steps]

Leave a Reply

Your email address will not be published. Required fields are marked *

Read next