7

I've added myself into the sudoers users list by using the command

root@debian:/home/oshirowanen# adduser oshirowanen sudo

If I try to run that command again,

root@debian:/home/oshirowanen# adduser oshirowanen sudo
The user `oshirowanen' is already a member of `sudo'.
root@debian:/home/oshirowanen# 

All looks good so far.

When I then exit the root user and try to install/remove/search something using my own account, it doesn't work and complains that I am not a sudoer... For example

root@debian:/home/oshirowanen# exit
exit
oshirowanen@debian:~$ sudo aptitude search ice
[sudo] password for oshirowanen: 
oshirowanen is not in the sudoers file.  This incident will be reported.
oshirowanen@debian:~$ 

Why is this happening?


This is what I get from visudo

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
oshirowanen
  • 2,621
  • What does your /etc/sudoers look like? – l0b0 Mar 21 '13 at 09:13
  • search for "oshirowanen" user in /etc/sudoers file: this file has 440 permission with root as owner/group owner: so you must be only able to view the file with superuser privileges. – Ankit Mar 21 '13 at 09:23

2 Answers

14

You need to log in again after adding yourself to a group to get the correct privileges.

To verify with two shells:

alice $ sudo adduser test
                                alice $ su - test
alice $ sudo adduser test sudo
                                test $ sudo ls
                                test is not in the sudoers file.  [...]
                                test $ exit
                                alice $ su - test
                                test $ sudo ls
                                examples.desktop

To clarify, any shells which were opened before the user was added to the sudo group do not have the new privileges.

l0b0
  • 51,350
  • Updated question to show what my system has in visudo. – oshirowanen Mar 21 '13 at 09:23
  • So every time I want to use sudo as oshirowanen, I must do su - oshirowanen, enter my password, then I can do something like sudo ls? Looks like I have to do su - oshirowanen each and every time? – oshirowanen Mar 21 '13 at 09:39
  • Not every time, only after you added your user to the group. – Didi Kohen Mar 21 '13 at 09:44
  • I seem to have to do this every time, i.e. if I want to search, as in aptitude search ice, I seem to have to do su - oshirowanen [enter password for oshirowanen], then I can do sudo aptitude search ice [enter password for oshirowanen]. If I just go straight to sudo aptitude search ice, I am told that I am not a sudoer... – oshirowanen Mar 21 '13 at 10:00
  • 1
    @oshirowanen As l0b0 wrote, you need to completely log out and log in again so that your current user is in the sudo group. After that you should not need the su - ... command anymore. – jofel Mar 21 '13 at 10:09
6

There are two different things in action here:

  1. The sudo user group.
  2. The /etc/sudoers file.

In some distributions, the sudoers group is configured in the sudoers file to run everything via sudo.
To add the group you can edit the file by running this as root:

visudo

and adding the following (or un-commenting it):

%sudo ALL=(ALL) ALL

The % sign indicates it's a group name, the first "ALL" is the hosts it can run on, second is the users it can impersonate, the last "ALL" is the commands it can run via sudo.

In addition, you probably need to re-login for the new group membership to take effect.
To check active group memberships run:

id
Didi Kohen
  • 1,841
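
The check both answers describe, as an added example that is not part of either answer: it compares the groups configured for a user in the group database with the groups the current shell actually carries, and names any that will only apply after a fresh login. The function names `missing_groups` and `check_session_groups` are hypothetical, and the script assumes `id -Gn USER` reads the group database while a bare `id -Gn` reports the running process (as GNU coreutils `id` does) and that group names contain no spaces.

```shell
#!/bin/sh
# Added example: find group memberships that are configured for a user
# but not yet active in the current login session.

# missing_groups CONFIGURED ACTIVE
# Both arguments are space-separated group lists. Prints, on one line,
# every group from CONFIGURED that does not appear in ACTIVE.
missing_groups() {
    configured=$1
    active=$2
    out=""
    for g in $configured; do
        case " $active " in
            *" $g "*) ;;                   # already active in this session
            *) out="${out:+$out }$g" ;;    # configured, but session predates it
        esac
    done
    printf '%s\n' "$out"
}

# check_session_groups [USER]
# Returns 0 if the session is up to date, 1 if a re-login is needed.
check_session_groups() {
    user=${1:-$(id -un)}
    configured=$(id -Gn "$user")   # looked up in the group database
    active=$(id -Gn)               # credentials of this running shell
    stale=$(missing_groups "$configured" "$active")
    if [ -n "$stale" ]; then
        echo "Configured for $user but not active here: $stale"
        echo "Log out and back in (or start a new login shell) to pick them up."
        return 1
    fi
    echo "All groups configured for $user are active in this session."
}

# Usage: check_session_groups          # checks the invoking user
```

If `sudo` is listed as configured but not active, the sudoers rule `%sudo ALL=(ALL:ALL) ALL` cannot match this session yet, which produces the "is not in the sudoers file" message from the question.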