Create Sudo User on Debian

February 18, 2024

This guide explains how to create a new user account with sudo privileges on a fresh Debian Linux installation.
These instructions should be executed as the root user.
If you're not logged in as root, you'll need to prefix each command with sudo.

These instructions have been tested on Debian 11 (Bullseye) and 12 (Bookworm) but should work on other Debian Linux distributions.

Create New User

First, create a new user account with a home directory and bash shell:

adduser --shell /usr/bin/bash --home /home/username --verbose username

You'll be prompted to:

Set a password (use a strong password)
Enter optional user information (name, phone, etc.)

Add Sudo Privileges

Add the new user to the sudo group to grant administrative privileges:

usermod -aG sudo username

This command adds the user to the sudo group, allowing them to execute commands with root privileges by using the sudo prefix.

Verify Setup

To confirm the user was created correctly and has proper sudo access:

1. Check group membership

groups username

The output should include sudo among the listed groups.

2. Test sudo access

su - username
sudo whoami

If properly configured, the sudo whoami command should return root after entering the user's password.

Common Issues

If the user can't execute sudo commands, verify:

1. Sudo group membership

getent group sudo

will list all users in the sudo group. Make sure the new user is listed.

2. Sudo configuration

sudo cat /etc/sudoers.d/README

Make sure there are no syntax errors in the sudoers configuration.

Disable Root user Login

For added security, consider disabling the root user login:

sudo passwd -l root

This command locks the root account, preventing direct login and SSH access.

To check if the root account is locked:

sudo passwd -S root

Example output:

root L 2024-12-19 0 99999 7 -1

The L in the second column indicates the account is locked.

Additional Notes

Choose a strong password when creating the user
Consider disabling root login after confirming sudo access works
Document the new user credentials in a secure location
Some systems may use wheel instead of sudo as the administrative group

Always follow your organization's security policies when creating new user accounts and granting sudo privileges.

Resources

Debian Wiki: System Administrator's Guide
- https://wiki.debian.org/SystemAdministration
Debian Manual: User Management
- https://www.debian.org/doc/manuals/debian-reference/ch04.en.html