Deleting user from sudoer
I would like to know the command to remove a user from the sudoer list in Linux. I have added the user using this command:
sudo adduser user_name
and also added it to a group.
I now want to remove the user from the sudoer list. How can I do that?
linux
add a comment |
I would like to know the command to remove a user from the sudoer list in Linux. I have added the user using this command:
sudo adduser user_name
and also added it to a group.
I now want to remove the user from the sudoer list. How can I do that?
linux
add a comment |
I would like to know the command to remove a user from the sudoer list in Linux. I have added the user using this command:
sudo adduser user_name
and also added it to a group.
I now want to remove the user from the sudoer list. How can I do that?
linux
I would like to know the command to remove a user from the sudoer list in Linux. I have added the user using this command:
sudo adduser user_name
and also added it to a group.
I now want to remove the user from the sudoer list. How can I do that?
linux
linux
edited Jan 11 at 3:48
Blackwood
2,89071728
2,89071728
asked Jan 11 at 2:35
Raghav PatilRaghav Patil
82
82
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
It may not as straight forward as running a command. There is no sudoerlist - the sudoers file is a list of instructions which can provide users - or groups various permissions. You can edit this file using visudo if you are good with vi. If not, you arguably should not be messing with it, but can probably use nano /etc/sudoers (as root). The sudoers file is usually quite well documented.
Depending on your OS though, you may not actually need to do this. Most distros have a group, and elevated permissions are granted by simply modifying who has access to what group. You may want to look through the sudoers file to see what group/groups there are - In my ubuntu 16.04 there is an "admin" group and a "sudo" group. "wheel" and "admin" groups are other common ones.
As the user is probably already a member of a group with sudo access, typing (as root) grep "username" /etc/group" will show a list of groups the user is a member of. To remove the user you can (as root) edit them out of /etc/group or use a command like
gpasswd -d username groupname
or
deluser username groupname
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
add a comment |
That command doesn't add the user to the /etc/sudoers
file.
Depending on what group(s) you added the user to, that might grant them access to use sudo. Check group membership for the user with groups username
.
You edit the /etc/sudoers
file using the visudo
utility - if you don't like vi/vim you can use any other editor by specifying it as an environment variable.
sudo EDITOR=/bin/nano visudo
Note that while the file is plain text, it is important to use visudo
to edit it because visudo
will check the syntax, etc. before actually saving it. With bad syntax, you wouldn't be able to run sudo
again to fix it.
So... check group members for your user, check what groups are allowed sudo
access, and check what users are allowed sudo
access.
Contents of a basic /etc/sudoers
as distributed by Debian/Ubuntu/etc
ivan@darkstar:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.deluser username
oruserdel username
with some options. Checkman
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups
– ivanivan
Jan 11 at 13:20
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393001%2fdeleting-user-from-sudoer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It may not as straight forward as running a command. There is no sudoerlist - the sudoers file is a list of instructions which can provide users - or groups various permissions. You can edit this file using visudo if you are good with vi. If not, you arguably should not be messing with it, but can probably use nano /etc/sudoers (as root). The sudoers file is usually quite well documented.
Depending on your OS though, you may not actually need to do this. Most distros have a group, and elevated permissions are granted by simply modifying who has access to what group. You may want to look through the sudoers file to see what group/groups there are - In my ubuntu 16.04 there is an "admin" group and a "sudo" group. "wheel" and "admin" groups are other common ones.
As the user is probably already a member of a group with sudo access, typing (as root) grep "username" /etc/group" will show a list of groups the user is a member of. To remove the user you can (as root) edit them out of /etc/group or use a command like
gpasswd -d username groupname
or
deluser username groupname
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
add a comment |
It may not as straight forward as running a command. There is no sudoerlist - the sudoers file is a list of instructions which can provide users - or groups various permissions. You can edit this file using visudo if you are good with vi. If not, you arguably should not be messing with it, but can probably use nano /etc/sudoers (as root). The sudoers file is usually quite well documented.
Depending on your OS though, you may not actually need to do this. Most distros have a group, and elevated permissions are granted by simply modifying who has access to what group. You may want to look through the sudoers file to see what group/groups there are - In my ubuntu 16.04 there is an "admin" group and a "sudo" group. "wheel" and "admin" groups are other common ones.
As the user is probably already a member of a group with sudo access, typing (as root) grep "username" /etc/group" will show a list of groups the user is a member of. To remove the user you can (as root) edit them out of /etc/group or use a command like
gpasswd -d username groupname
or
deluser username groupname
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
add a comment |
It may not as straight forward as running a command. There is no sudoerlist - the sudoers file is a list of instructions which can provide users - or groups various permissions. You can edit this file using visudo if you are good with vi. If not, you arguably should not be messing with it, but can probably use nano /etc/sudoers (as root). The sudoers file is usually quite well documented.
Depending on your OS though, you may not actually need to do this. Most distros have a group, and elevated permissions are granted by simply modifying who has access to what group. You may want to look through the sudoers file to see what group/groups there are - In my ubuntu 16.04 there is an "admin" group and a "sudo" group. "wheel" and "admin" groups are other common ones.
As the user is probably already a member of a group with sudo access, typing (as root) grep "username" /etc/group" will show a list of groups the user is a member of. To remove the user you can (as root) edit them out of /etc/group or use a command like
gpasswd -d username groupname
or
deluser username groupname
It may not as straight forward as running a command. There is no sudoerlist - the sudoers file is a list of instructions which can provide users - or groups various permissions. You can edit this file using visudo if you are good with vi. If not, you arguably should not be messing with it, but can probably use nano /etc/sudoers (as root). The sudoers file is usually quite well documented.
Depending on your OS though, you may not actually need to do this. Most distros have a group, and elevated permissions are granted by simply modifying who has access to what group. You may want to look through the sudoers file to see what group/groups there are - In my ubuntu 16.04 there is an "admin" group and a "sudo" group. "wheel" and "admin" groups are other common ones.
As the user is probably already a member of a group with sudo access, typing (as root) grep "username" /etc/group" will show a list of groups the user is a member of. To remove the user you can (as root) edit them out of /etc/group or use a command like
gpasswd -d username groupname
or
deluser username groupname
edited Jan 11 at 4:09
answered Jan 11 at 3:55
davidgodavidgo
43.9k75291
43.9k75291
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
add a comment |
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Shouldn’t it be gpasswd?
– Ramhound
Jan 11 at 4:06
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Yes, thank you. Corrected.
– davidgo
Jan 11 at 4:10
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
Thanks a lot it works fine :) first command - gpasswd -d username groupname
– Raghav Patil
Jan 11 at 13:37
add a comment |
That command doesn't add the user to the /etc/sudoers
file.
Depending on what group(s) you added the user to, that might grant them access to use sudo. Check group membership for the user with groups username
.
You edit the /etc/sudoers
file using the visudo
utility - if you don't like vi/vim you can use any other editor by specifying it as an environment variable.
sudo EDITOR=/bin/nano visudo
Note that while the file is plain text, it is important to use visudo
to edit it because visudo
will check the syntax, etc. before actually saving it. With bad syntax, you wouldn't be able to run sudo
again to fix it.
So... check group members for your user, check what groups are allowed sudo
access, and check what users are allowed sudo
access.
Contents of a basic /etc/sudoers
as distributed by Debian/Ubuntu/etc
ivan@darkstar:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.deluser username
oruserdel username
with some options. Checkman
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups
– ivanivan
Jan 11 at 13:20
add a comment |
That command doesn't add the user to the /etc/sudoers
file.
Depending on what group(s) you added the user to, that might grant them access to use sudo. Check group membership for the user with groups username
.
You edit the /etc/sudoers
file using the visudo
utility - if you don't like vi/vim you can use any other editor by specifying it as an environment variable.
sudo EDITOR=/bin/nano visudo
Note that while the file is plain text, it is important to use visudo
to edit it because visudo
will check the syntax, etc. before actually saving it. With bad syntax, you wouldn't be able to run sudo
again to fix it.
So... check group members for your user, check what groups are allowed sudo
access, and check what users are allowed sudo
access.
Contents of a basic /etc/sudoers
as distributed by Debian/Ubuntu/etc
ivan@darkstar:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.deluser username
oruserdel username
with some options. Checkman
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups
– ivanivan
Jan 11 at 13:20
add a comment |
That command doesn't add the user to the /etc/sudoers
file.
Depending on what group(s) you added the user to, that might grant them access to use sudo. Check group membership for the user with groups username
.
You edit the /etc/sudoers
file using the visudo
utility - if you don't like vi/vim you can use any other editor by specifying it as an environment variable.
sudo EDITOR=/bin/nano visudo
Note that while the file is plain text, it is important to use visudo
to edit it because visudo
will check the syntax, etc. before actually saving it. With bad syntax, you wouldn't be able to run sudo
again to fix it.
So... check group members for your user, check what groups are allowed sudo
access, and check what users are allowed sudo
access.
Contents of a basic /etc/sudoers
as distributed by Debian/Ubuntu/etc
ivan@darkstar:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
That command doesn't add the user to the /etc/sudoers
file.
Depending on what group(s) you added the user to, that might grant them access to use sudo. Check group membership for the user with groups username
.
You edit the /etc/sudoers
file using the visudo
utility - if you don't like vi/vim you can use any other editor by specifying it as an environment variable.
sudo EDITOR=/bin/nano visudo
Note that while the file is plain text, it is important to use visudo
to edit it because visudo
will check the syntax, etc. before actually saving it. With bad syntax, you wouldn't be able to run sudo
again to fix it.
So... check group members for your user, check what groups are allowed sudo
access, and check what users are allowed sudo
access.
Contents of a basic /etc/sudoers
as distributed by Debian/Ubuntu/etc
ivan@darkstar:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
answered Jan 11 at 3:59
ivanivanivanivan
1,24427
1,24427
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.deluser username
oruserdel username
with some options. Checkman
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups
– ivanivan
Jan 11 at 13:20
add a comment |
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.deluser username
oruserdel username
with some options. Checkman
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups
– ivanivan
Jan 11 at 13:20
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
Thanks, but we can delete the user?
– Raghav Patil
Jan 11 at 12:16
@user983675 - sure.
deluser username
or userdel username
with some options. Check man
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups– ivanivan
Jan 11 at 13:20
@user983675 - sure.
deluser username
or userdel username
with some options. Check man
pages for each, decide which is appropriate. Might want to do some reading on managing users and groups on a *nix system - linode.com/docs/tools-reference/linux-users-and-groups– ivanivan
Jan 11 at 13:20
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393001%2fdeleting-user-from-sudoer%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown