Administrative users in Ubuntu

When you install Ubuntu Linux or one of its derivatives (Xubuntu, Kubuntu, Lubuntu), the first user you add to the system during installation will automatically be made an Administrative user.  This is necessary so that the user can configure the system.  Like most UNIX based operating systems, any privileged operation requires the user to elevate their system privileges via the sudoers mechanism.

Rather than logging in as an administrative user using a password that can be intercepted, the sudoers mechanism prompts the non-privileged user for their own password which authenticates that user as being genuine before looking in the /etc/sudoers file to verify whether or not that user is permitted to elevate their privileges to that of root status.

The sudoers file can be edited using the visudo command and more granular privileges assigned to groups of sudo users to provide more control over precisely what commands a non-privileged user is permitted to run.  For the most part though, the default sudoers file simply permits any users in the systems sudo group in /etc/group to run any command by simply preceding that command with sudo.

For example, installing additional software on the system is in itself, a privileged operation, so to install say the vlc media player, one would need to type sudo apt-get install vlc.  Typing apt-get install vlc by any user other that root will not work.  A non-privileged user can change to the root user without knowing the root users password by using the sudo su – command and entering their own password – provided they are a member of the sudo group on the system.  In fact it is entirely unnecessary and more common than not to not know the root users actual password, even if you installed the operating system yourself!

So thats how Linux protects itself, explained in files and command line terms, but most desktop Linux users don’t use the command line, preferring to turn to the convenient GUI’s provided by the Settings Manager, which brings me to the point of this post.

If you make additional users on your Ubuntu desktop system an “Administrator” so that they can install software, connect to networks, wifi and printers etc, then you may expect them to be able to actually do all those things once you change them to “Admnistrator” status.  I would.  But we’d be wrong.  In all honesty, I don’t know what purpose that GUI actually serves other than being able to easily add more users without mastering the adduser or useradd command.















Any extra users don’t get added to the systems sudo group – the very thing they need to be members of in order to do anything administrative?!

So you’ll need to add them manually by using sudo vi /etc/group and appending a comma followed by their username to the line beginning with sudo in /etc/group

Assuming you’re not familiar with vi, you can make life easier by using sudo gedit /etc/group or sudo mousepad /etc/group commands instead.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.