目录
1. What is Sudo?
2. Advantages of Sudo Users
3. Add a New User in Debian
3.1. Check Sudo Privileges for a Specific User
4. Grant Sudo Privileges to Users in Debian
5. Verify Sudo Privilege of Users
6. Remove Sudo Access from Users
7. Remove Users Permanently
Conclusion
首页 系统教程 操作系统 如何向Debian 12中的用户添加,删除和授予Sudo特权

如何向Debian 12中的用户添加,删除和授予Sudo特权

Mar 23, 2025 am 09:13 AM

In Debian, managing user privileges and administrative access is crucial for maintaining a secure and efficient system. By granting users the ability to execute administrative tasks without relying on the root account, you can enhance security, control access to sensitive operations, and maintain an audit trail of user activity. This detailed guide walks you through the steps to add, delete, and grant sudo privileges to users in Debian Linux.

Whether you're setting up a new Debian system or need to manage user accounts on an existing installation, this step-by-step tutorial is designed to provide clear instructions and explanations that even beginners can follow.

By the end of this guide, you'll have a solid understanding of how to create new user accounts, grant them sudo access, and remove users when necessary.

Before getting into the topic of adding, deleting, and granting sudo privileges to users in Debian, it's essential to understand what sudo is and the advantages it offers.

Table of Contents

1. What is Sudo?

The sudo (Superuser Do) command in Linux and Unix-like systems allows authorized users to execute commands with the privileges of the superuser or another user. It enables users to perform administrative tasks without logging in as the root user permanently.

The primary purpose of sudo is to provide a safer and more controlled approach to system administration. Instead of granting full root access to users, sudo enables privilege separation, limiting the scope of elevated privileges to specific commands or operations.

2. Advantages of Sudo Users

Here are some key aspects regarding sudo and the advantages of having a sudo user:

1. Privilege Separation

By default, Linux systems have a root user account with full administrative privileges. However, logging in as the root user can be risky because any command executed has unrestricted access to the entire system.

Sudo provides a way to separate regular user accounts from privileged tasks, allowing users to perform administrative actions only when needed.

2. Limited Privilege Escalation

Sudo allows specific users or groups to execute specific commands with elevated privileges. This provides a controlled and auditable way to grant temporary administrative access to trusted users.

Users can execute individual commands or a series of commands with sudo by authenticating themselves with their own password, rather than the root password.

3. Auditing and Accountability

Sudo logs all executed commands, providing an audit trail for system administrators. This audit trail helps track who executed which commands and when, enhancing system security and accountability.

The logs generated by sudo can be analyzed to investigate security incidents, troubleshoot issues, and monitor user activity.

4. Fine-Grained Access Control

With sudo, system administrators can define granular access control policies for different users or groups. This allows them to specify precisely which commands or operations each user can perform with elevated privileges.

Access control can be customized based on factors such as user roles, specific systems or services, and even specific command options.

5. Reduced Risk of Accidental Damage

Using sudo helps mitigate the risk of accidental damage caused by executing privileged commands. With sudo, users need to deliberately prefix a command with sudo to run it with elevated privileges, reducing the likelihood of unintentional system modifications or deletions.

It provides an extra layer of safety by prompting users for authentication before executing privileged operations, ensuring they are aware of the consequences of their actions.

6. Collaboration and Delegation

Sudo facilitates collaboration among system administrators by allowing them to delegate specific administrative tasks to other users without sharing the root password.

By assigning sudo privileges to trusted users, the workload can be distributed, and routine administrative tasks can be performed by designated individuals without requiring full root access.

In summary, having a sudo user provides a more secure and controlled approach to system administration. It enhances security, accountability, and flexibility by enabling limited privilege escalation, fine-grained access control, auditing, and delegation of administrative tasks.

3. Add a New User in Debian

To create a new sudo user in Debian, you need to have either an existing sudo user or root access to the system. This requirement ensures that only authorized users can grant sudo privileges to others.

In order to add a new user, follow these steps:

Log in to your Debian system using an existing sudo user account or as the root user. Open a terminal or connect to your Debian system via SSH.

If you have an existing sudo user:

Run the following command to create a new user:

$ sudo adduser senthil
登录后复制

Replace "senthil" with the desired username for the new sudo user.

Enter a strong password for the new user when prompted.

Provide any additional information requested during the user creation process.

If you have root access:

If the currently logged-in user does not have sudo rights, you will need to switch to the root account in order to create new sudo users.

Use any one of the following commands to switch to root user.

$ su -l 
登录后复制

Or

$ su -
登录后复制

By using su -l or su -, the root shell is initialized with an environment similar to a normal 'login' shell. This means that the root user's $PATH variable is correctly initialized, ensuring that system directories such as /sbin are included.

Next, run the following command to create a new user:

# adduser senthil
登录后复制

Again, replace "senthil" with your own username.

You will be prompted to set a password for the new user. Enter a strong password and confirm it.

Additional information about the new user, such as their full name, phone number, etc., may be requested. You can enter the information or leave it blank by pressing Enter.

Adding user `senthil' ...
Adding new group `senthil' (1001) ...
Adding new user `senthil' (1001) with group `senthil (1001)' ...
Creating home directory `/home/senthil' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for senthil
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] y
Adding new user `senthil' to supplemental / extra groups `users' ...
Adding user `senthil' to group `users' ...
登录后复制

如何向Debian 12中的用户添加,删除和授予Sudo特权

3.1. Check Sudo Privileges for a Specific User

After creating a new user named "senthil", it's important to note that this user does not have sudo access by default. Without sudo privileges, the user won't be able to perform administrative tasks.

To verify whether a user has sudo access or not, you can use the following command:

# sudo -l -U senthil
登录后复制
登录后复制

Replace "senthil" with the actual username you want to check.

Sample output:

User senthil is not allowed to run sudo on debian12.
登录后复制
登录后复制

如何向Debian 12中的用户添加,删除和授予Sudo特权

As you can see, the user "senthil" has not been granted sudo privileges yet. If the user "senthil" has sudo access, the output will show the allowed commands and their associated restrictions, if any.

In the next steps, we will cover how to grant sudo privileges to the user "senthil" so they can perform administrative tasks.

4. Grant Sudo Privileges to Users in Debian

Add the newly created user to sudo group using the following command:

If you have an existing sudo user:

$ sudo adduser senthil sudo
登录后复制

If you have root access:

# adduser senthil sudo
登录后复制

Sample output:

Adding user `senthil' to group `sudo' ...
Done.
登录后复制

如何向Debian 12中的用户添加,删除和授予Sudo特权

We granted sudo permission to the user "senthil".

You can also the following command to add a user to sudo group.

# sudo usermod -aG sudo senthil
登录后复制

Now verify if the user is added in the sudo group, using command

# sudo -l -U senthil
登录后复制
登录后复制

Sample output:

Matching Defaults entries for senthil on debian12:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin,
    use_pty

User senthil may run the following commands on debian12:
    <strong><mark>(ALL : ALL) ALL</mark></strong>
登录后复制

如何向Debian 12中的用户添加,删除和授予Sudo特权

Here, the line (ALL : ALL) ALL in the above output indicates that the user "senthil" can run any command (ALL) as any user (ALL) with all available privileges.

The output confirms that the user "senthil" has been granted unrestricted sudo privileges on the Debian 12 system, allowing him to run any command as any user with full administrative capabilities.

If you view the contents of the sudoers file;

$ sudo cat /etc/sudoers
登录后复制

You would see some lines like below.

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
<strong><mark>%sudo	ALL=(ALL:ALL) ALL</mark></strong>

# See sudoers(5) for more information on "@include" directives:

@includedir /etc/sudoers.d
登录后复制

The directive %sudo ALL=(ALL:ALL) ALL in the /etc/sudoers file is a rule that specifies the sudo privileges for members of the "sudo" group. Let's break down what each part of the directive means:

  • %sudo: This signifies that the rule applies to all users who are members of the "sudo" group. The % character denotes a group name.
  • ALL=(ALL:ALL): This portion defines the scope of the sudo rule. It indicates that the rule applies to any host (ALL) and allows users in the "sudo" group to run commands as any user and any group.
    • The first "ALL" represents the hosts or machines on which the sudo rule is applicable. In this case, "ALL" means the rule applies to any host. It allows members of the "sudo" group to execute commands with sudo privileges from any machine.
    • The second "ALL" represents the users or accounts as whom the commands can be executed. "ALL" means the members of the "sudo" group can run commands as any user on the system.
    • The third "ALL" represents the groups that the sudo commands can be executed as. Again, "ALL" means that the members of the "sudo" group can execute commands as any group on the system.
  • ALL: This specifies that the members of the "sudo" group can run any command.

In summary, the directive %sudo ALL=(ALL:ALL) ALL allows any user who is a member of the "sudo" group to execute any command with full administrative privileges. It grants broad sudo access to the users in the "sudo" group, enabling them to perform a wide range of administrative tasks on the system.

Since the user "senthil" is a member of "sudo" group, he can now run any command on any host. To put this in other word, he is one of the administrator.

5. Verify Sudo Privilege of Users

To verify if a user has the ability to perform administrative tasks with sudo, Log out from the current user session. On the login screen, select the new user you created. Enter the password for the new user and log in.

    Alternatively, you can quickly switch to the new user using the following command:

    # sudo -i -u senthil
    登录后复制

    This command will instantly switch you to the specified user, in this case, "senthil".

    Once you are switched to the user, run any commands with the sudo prefix to perform administrative tasks. For example:

    $ sudo apt update
    登录后复制

    如何向Debian 12中的用户添加,删除和授予Sudo特权

    As you witnessed in the above output, the user "senthil" has the ability to run administrative tasks with sudo privilege.

    6. Remove Sudo Access from Users

    Removing sudo access from a user in Debian systems is a delicate process that requires caution. It's important to ensure that you do not remove the real administrator from the "sudo" group, as there should always be at least one sudo user in the system.

    To revoke sudo permissions from a user, follow these steps:

    Make sure you are logged out from the user's session ("senthil") and logged in as another user with sudo privileges.

    To remove the user "senthil" from the "sudo" group, use the following command:

    $ sudo deluser senthil sudo
    登录后复制

    This command will revoke the user's sudo permissions by removing them from the "sudo" group. Note that this action does not permanently delete the user from the system.

    Sample output:

    Removing user `senthil' from group `sudo' ...
    Done.
    登录后复制

    Alternatively, you can use the following command to revoke sudo permissions:

    $ sudo gpasswd -d senthil sudo
    登录后复制

    Running this command will have the same effect of removing the user "senthil" from the "sudo" group.

    After executing either of these commands, the user "senthil" will no longer have sudo access and will be considered a regular user without administrative privileges.

    To verify if the user has indeed been removed from the "sudo" group, you can run the following command:

    $ sudo -l -U senthil
    登录后复制

    This command will display the user's sudo privileges. If the user is no longer listed as having sudo access, it confirms that the sudo permissions have been successfully revoked.

    User senthil is not allowed to run sudo on debian12.
    登录后复制
    登录后复制

    如何向Debian 12中的用户添加,删除和授予Sudo特权

    The user "senthil" is now removed from sudoer list.

    7. Remove Users Permanently

    Please exercise caution when permanently deleting users from the system, as this action is not reversible. Double-check that you are removing the correct user, and ensure that you have taken appropriate backups or precautions to prevent any unintended data loss.

    To permanently delete users from a Linux system, including their home directory and mail spool, follow these steps:

    Ensure that you are logged in as the root user or a user with sudo privileges.

    To delete a user, use the following command:

    $ sudo deluser senthil
    登录后复制

    Replace "senthil" with the actual username of the user you want to remove.

    This command will remove the specified user from the system, including their user account details. However, their home directory and mail spool will remain intact.

    If you want to remove the user's home directory and mail spool along with their account, use the --remove-home option:

    $ sudo deluser --remove-home senthil
    登录后复制

    This command ensures that not only the user account but also their home directory and mail spool are deleted.

    Conclusion

    Managing user privileges and granting sudo access in Debian systems is an essential aspect of maintaining system security and controlling administrative tasks. By following the step-by-step instructions provided, even beginners can successfully add, grant sudo access, and manage users in Debian systems.

    Remember to exercise caution when using sudo, grant privileges only to trusted users, and regularly review sudo logs to monitor user activity and identify any potential security issues.

    Related Read:

    • Add, Delete And Grant Sudo Privileges To Users In Alpine Linux
    • Add, Delete And Grant Sudo Privileges To Users In Arch Linux
    • Add, Delete And Grant Sudo Privileges To Users In CentOS
    • Add, Delete And Grant Sudo Privileges To Users In Fedora
    • Add, Delete And Grant Sudo Privileges To Users In Ubuntu
    • How To Allow Or Deny Sudo Access To A Group In Linux

    以上是如何向Debian 12中的用户添加,删除和授予Sudo特权的详细内容。更多信息请关注PHP中文网其他相关文章!

    本站声明
    本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn

    热AI工具

    Undresser.AI Undress

    Undresser.AI Undress

    人工智能驱动的应用程序,用于创建逼真的裸体照片

    AI Clothes Remover

    AI Clothes Remover

    用于从照片中去除衣服的在线人工智能工具。

    Undress AI Tool

    Undress AI Tool

    免费脱衣服图片

    Clothoff.io

    Clothoff.io

    AI脱衣机

    Video Face Swap

    Video Face Swap

    使用我们完全免费的人工智能换脸工具轻松在任何视频中换脸!

    热门文章

    <🎜>:泡泡胶模拟器无穷大 - 如何获取和使用皇家钥匙
    4 周前 By 尊渡假赌尊渡假赌尊渡假赌
    北端:融合系统,解释
    4 周前 By 尊渡假赌尊渡假赌尊渡假赌
    Mandragora:巫婆树的耳语 - 如何解锁抓钩
    3 周前 By 尊渡假赌尊渡假赌尊渡假赌

    热工具

    记事本++7.3.1

    记事本++7.3.1

    好用且免费的代码编辑器

    SublimeText3汉化版

    SublimeText3汉化版

    中文版,非常好用

    禅工作室 13.0.1

    禅工作室 13.0.1

    功能强大的PHP集成开发环境

    Dreamweaver CS6

    Dreamweaver CS6

    视觉化网页开发工具

    SublimeText3 Mac版

    SublimeText3 Mac版

    神级代码编辑软件(SublimeText3)

    热门话题

    Java教程
    1672
    14
    CakePHP 教程
    1428
    52
    Laravel 教程
    1332
    25
    PHP教程
    1277
    29
    C# 教程
    1256
    24
    Linux管理员的薪水是多少? Linux管理员的薪水是多少? Apr 17, 2025 am 12:24 AM

    Linux管理员的平均年薪在美国为75,000至95,000美元,欧洲为40,000至60,000欧元。提升薪资可以通过:1.持续学习新技术,如云计算和容器技术;2.积累项目经验并建立Portfolio;3.建立职业网络,拓展人脉。

    Linux系统管理员的主要任务是什么? Linux系统管理员的主要任务是什么? Apr 19, 2025 am 12:23 AM

    Linux系统管理员的主要任务包括系统监控与性能调优、用户管理、软件包管理、安全管理与备份、故障排查与解决、性能优化与最佳实践。1.使用top、htop等工具监控系统性能,并进行调优。2.通过useradd等命令管理用户账户和权限。3.利用apt、yum管理软件包,确保系统更新和安全。4.配置防火墙、监控日志、进行数据备份以确保系统安全。5.通过日志分析和工具使用进行故障排查和解决。6.优化内核参数和应用配置,遵循最佳实践提升系统性能和稳定性。

    Linux和Windows之间虚拟化支持有哪些差异? Linux和Windows之间虚拟化支持有哪些差异? Apr 22, 2025 pm 06:09 PM

    Linux和Windows在虚拟化支持上的主要区别在于:1)Linux提供KVM和Xen,性能和灵活性突出,适合高定制环境;2)Windows通过Hyper-V支持虚拟化,界面友好,与Microsoft生态系统紧密集成,适合依赖Microsoft软件的企业。

    Linux的主要目的是什么? Linux的主要目的是什么? Apr 16, 2025 am 12:19 AM

    Linux的主要用途包括:1.服务器操作系统,2.嵌入式系统,3.桌面操作系统,4.开发和测试环境。Linux在这些领域表现出色,提供了稳定性、安全性和高效的开发工具。

    很难学习Linux吗? 很难学习Linux吗? Apr 18, 2025 am 12:23 AM

    学习Linux并不难。1.Linux是一个开源操作系统,基于Unix,广泛应用于服务器、嵌入式系统和个人电脑。2.理解文件系统和权限管理是关键,文件系统是层次化的,权限包括读、写和执行。3.包管理系统如apt和dnf使得软件管理方便。4.进程管理通过ps和top命令实现。5.从基本命令如mkdir、cd、touch和nano开始学习,再尝试高级用法如shell脚本和文本处理。6.常见错误如权限问题可以通过sudo和chmod解决。7.性能优化建议包括使用htop监控资源、清理不必要文件和使用sy

    Linux软件的未来:Flatpak和Snap会替换本机桌面应用程序吗? Linux软件的未来:Flatpak和Snap会替换本机桌面应用程序吗? Apr 25, 2025 am 09:10 AM

    多年来,Linux软件分布依赖于DEB和RPM等本地格式,并深深地根深蒂固。 但是,Flatpak和Snap已经出现,有望成为应用程序包装的通用方法。 本文考试

    在Linux中比较文件的前7个工具(示例) 在Linux中比较文件的前7个工具(示例) Apr 28, 2025 am 09:21 AM

    本指南探讨了用于比较Linux中文本文件的各种方法,Linux是系统管理员和开发人员的关键任务。 我们将介绍命令行工具和视觉差异工具,突出显示其优势和适当的用例。 假设

    Linux和Windows之间的用户帐户管理有什么区别? Linux和Windows之间的用户帐户管理有什么区别? May 02, 2025 am 12:02 AM

    Linux和Windows在用户账户管理上的主要区别在于权限模型和管理工具。Linux使用基于Unix的权限模型和命令行工具(如useradd、usermod、userdel),而Windows采用自己的安全模型和图形用户界面(GUI)管理工具。

    See all articles