Skip to main content
Prerequisites:
  • Linux server with root/sudo access
  • SSH or console access to your server
Creating a personal user account with sudo privileges is a critical first step in securing your Linux server. This allows you to disable root login while maintaining administrative access through your personal account.

Why Create a Personal User?

Security

Disabling root login prevents attackers from directly accessing the root account, even if they obtain credentials.

Accountability

Using personal accounts makes it easier to track who performed what actions on the system.

Best Practice

Industry standard security practice recommended by security experts and compliance frameworks.

Flexibility

Multiple users can have sudo access, allowing for better access management.

Creating a Personal User

Important: Create your personal user account and verify sudo access BEFORE disabling root login. Otherwise, you may lock yourself out of your server.
1

Create a new user

Create a new user account (replace username with your desired username):
sudo adduser username
You’ll be prompted to:
  • Set a password (choose a strong password)
  • Provide optional user information (full name, room number, work phone, etc.)
  • Confirm the information
You can also use useradd instead of adduser, but adduser is more interactive and user-friendly on Debian/Ubuntu systems.
2

Add user to sudo group

Grant sudo privileges to the new user:
sudo usermod -aG sudo username
This adds the user to the sudo group, which allows them to execute commands with administrative privileges.
On some systems (like RHEL/CentOS), the group might be called wheel instead of sudo. Use: sudo usermod -aG wheel username
3

Verify user creation

Switch to the new user and verify sudo access:
su - username
sudo whoami
If successful, sudo whoami should return root. This confirms that:
  • The user account was created successfully
  • The user has sudo privileges
  • You can execute administrative commands
4

Test sudo access

Try running a command that requires sudo:
sudo apt update
# or on RHEL/CentOS
sudo yum update
You’ll be prompted for your user’s password (not root’s password). If the command executes successfully, your sudo access is working correctly.

Alternative: Create User with Sudo in One Command

You can create a user and add them to the sudo group in a single command: 
sudo adduser --ingroup sudo username
Or using useradd: 
sudo useradd -m -s /bin/bash -G sudo username
sudo passwd username

Managing User Accounts

Change a user’s password:
sudo passwd username
You’ll be prompted to enter the new password twice.
Remove a user from the sudo group:
sudo deluser username sudo
# or on some systems
sudo gpasswd -d username sudo
Add a user to additional groups:
sudo usermod -aG group1,group2 username
Common groups:
  • sudo or wheel - Administrative privileges
  • docker - Docker access
  • www-data - Web server access
Delete a user account:
# Delete user but keep home directory
sudo deluser username

# Delete user and home directory
sudo deluser --remove-home username
Be careful when deleting user accounts. Make sure you have backups of important data.
View all users on the system:
# List all users
cat /etc/passwd | cut -d: -f1

# List users with sudo access
getent group sudo | cut -d: -f4
Get detailed information about a user:
# View user details
id username

# View groups user belongs to
groups username

# View user's home directory
echo ~username

Sudo Configuration

Understanding Sudo

Sudo (Super User Do) allows users to run commands with the privileges of another user, typically root. Users in the sudo group can execute administrative commands by prefixing them with sudo.

Sudo Configuration File

The sudo configuration is located at /etc/sudoers. Never edit this file directly! Always use visudo: 
sudo visudo
Syntax errors in /etc/sudoers can lock you out of sudo access. Always use visudo which validates syntax before saving.

Common Sudo Configurations

Allow specific users to use sudo without entering a password:
sudo visudo
Add this line (replace username):
username ALL=(ALL) NOPASSWD: ALL
This reduces security. Only use for trusted users or specific use cases.
Allow a user to run only specific commands with sudo:
username ALL=(ALL) /usr/bin/apt, /usr/bin/systemctl
This allows the user to only run apt and systemctl with sudo.
By default, sudo remembers your password for 15 minutes. To change this:
Defaults timestamp_timeout=30
Set to 0 to require password every time, or a number for minutes.

Security Best Practices

Strong Passwords

Use strong, unique passwords for all user accounts. Consider using a password manager.

Limit Sudo Access

Only grant sudo access to users who need it. Regularly review who has sudo privileges.

Regular Audits

Periodically review user accounts and remove unused or unnecessary accounts.

SSH Keys

After creating your user, set up SSH key authentication instead of passwords. See our SSH Security guide.

Next Steps

After creating your personal user account:
  1. Set up SSH keys - Configure key-based authentication for your new user. See SSH Security.
  2. Disable root login - Once you’ve verified your user account works, disable root SSH access.
  3. Configure firewall - Set up UFW to protect your server. See Firewall Configuration.

Troubleshooting

Verify the user is in the sudo group:
groups username
If not, add them:
sudo usermod -aG sudo username
The user may need to log out and back in for changes to take effect.
Check:
  1. User is in sudo group: groups username
  2. Sudoers file syntax: sudo visudo -c
  3. User is using sudo prefix: sudo command
If su - username fails:
  1. Verify user exists: id username
  2. Check if account is locked: sudo passwd -S username
  3. Ensure user has a valid shell: cat /etc/passwd | grep username
Remember: Always test your user account thoroughly before disabling root login. Keep a root session open as a backup until you’re confident everything works.