The main idea of this post comes from here: How To Create a New Sudo-enabled User on Ubuntu 20.04 [Quickstart]. You can go there for other versions and distributions.

How to?

Step 1. Adding new user

First, add a new user to the system with adduser, using the basic configuration. Replace “tony” with your username.

# adduser tony
Adding user `tony' ...
Adding new group `tony' (1000) ...
Adding new user `tony' (1000) with group `tony' ...
Creating home directory `/home/tony' ...
Copying files from `/etc/skel' ...

It will immediately prompt you to set a password for this user.

New password:
Retype new password:

It then asks for some extra information, which may not be meaningful to you. Just press Enter to keep the defaults.

Step 2. Add the user to sudo group

Now that we have the new user, add it to the sudo group using usermod.

# usermod -aG sudo tony

That's it. You should now be able to use sudo as tony.

Step 3. Verify sudo access

Switch to the user with su tony, or log in as the user with login tony, and try to run a command with sudo, for example sudo apt update. If it prompts you for the password and then runs the command, everything works well.

However, there is a possibility that you may encounter this:

-bash: sudo: command not found

This can happen when you’re in a Docker image, which does not include the sudo command by default. In that case, install it as root.

# apt install sudo

After installation, the problem will be no more.

Step 4. sudo without password (optional)

Sometimes sudo is used in automation scripts, where user input is not available. In this case, you may need to allow sudo to run without a password. To do this, open the sudoers file with visudo:

sudo visudo

If you’re using Ubuntu, then the default editor is probably nano. Go to the bottom of the file and add this line. Replace “tony” with your username.

tony   ALL=(ALL:ALL) NOPASSWD: ALL

Then, hit Ctrl + X, Y, then Enter to save and quit. Now, sudo will no longer prompt for a password.
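
The rule above lets anything running as tony become root with no authentication, and an automation script usually needs only a few commands. The following added example (not from the original post) builds a rule scoped to specific commands, syntax-checks it with visudo -cf when visudo is installed, and flags blanket NOPASSWD: ALL rules in sudoers text. The deploy user, the command paths and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The user names and command
# paths are constructed for illustration.

# Print a sudoers rule letting USER run only the listed commands as root
# without a password. Each command must start with an absolute path.
scoped_rule() {
    user=$1; shift
    case $user in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad username: $user" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no commands given" >&2; return 1; }
    list=
    for cmd in "$@"; do
        case $cmd in
            /*) list="${list:+$list, }$cmd" ;;
            *)  echo "not an absolute path: $cmd" >&2; return 1 ;;
        esac
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# Read sudoers text on stdin; print "LINE: rule" for each active rule that
# grants NOPASSWD on ALL commands. Line-based heuristic: aliases and
# continuation lines are not resolved.
flag_blanket_nopasswd() {
    awk '/^[ \t]*#/ { next }
         /NOPASSWD:[ \t]*ALL[ \t]*(,|$)/ { print NR ": " $0 }'
}

# Constructed sample: the Step 4 rule next to a scoped alternative.
sample_sudoers() {
    cat <<'EOF'
# group sudo may run anything, password required
%sudo   ALL=(ALL:ALL) ALL
tony   ALL=(ALL:ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/apt update
EOF
}

# Demo: write a scoped rule to a temp file, syntax-check it, audit the sample.
tmp=$(mktemp)
scoped_rule deploy "/usr/bin/apt update" "/usr/bin/systemctl restart myapp" > "$tmp"
if command -v visudo >/dev/null 2>&1; then
    visudo -cf "$tmp" || echo "syntax check failed" >&2
fi
rm -f "$tmp"
sample_sudoers | flag_blanket_nopasswd
```

To use a scoped rule for real, place it in its own file under /etc/sudoers.d/ with mode 0440 once visudo -cf accepts it, rather than appending to /etc/sudoers.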


Extra

Now that we have the user, how can we log in as the new user instead of root?

For an SSH connection, simply use the new username and password when connecting to the server IP. With Docker, things are a little trickier. For example, if you have a container called “tony-container”, in which you added a user called “tony”, then you can use the command below to run bash in it as that user, starting in the user's home directory.

docker exec -it --user tony -w /home/tony tony-container bash

If you care about highlighting, here is an example .bashrc file. Copy it, or override the corresponding options in your own. One thing to note is that, in a Docker container, the TERM variable may not be set. You can either set it in docker exec using -e TERM=xterm-256color or add export TERM=xterm-256color in .bashrc.

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
    if [ -f /usr/share/bash-completion/bash_completion ]; then
        . /usr/share/bash-completion/bash_completion
    elif [ -f /etc/bash_completion ]; then
        . /etc/bash_completion
    fi
fi