Enable sudo for user and disable root account

If you have installed Debian with the root account enabled, and sudo disabled, but have changed your mind later, you can just turn things around by installing and enabling sudo and disabling the root account.

When you enable sudo, always disable the root account. You should never have both enabled, as it doubles the surface for malicious software or actors to compromise the system.

  • First, you need to install sudo. Open a terminal, and switch to the root account temporarily by typing
    su
  • Press Enter, type the root password and press Enter again.
  • Now you will need to refresh the sources and install sudo The following line will contain two commands combined into one. Type it into the terminal:

    apt update && apt install sudo

    and press Enter.

    System updates and upgrades will be discussed in greater detail in Discover Debian / System updates

  • Sudo is now installed, but you're not quite done yet. Next, you will need to allow your user account to use it. While still at the root prompt, you need to assign your user to the sudo group with the following command:

    usermod -a -G sudo your_user_name

    Naturally, replace your_user_name with your actual username here. So e.g. if your username is john, it would become

    usermod -a -G sudo john

    and press Enter

    User operations, including the usermod command, will be discussed in greater detail in the next chapter, Setting up users

  • Now your user will be able to use sudo after the next login. Normally it's enough to log out and back in, but in some weird cases, it would not work until a full system reboot. Do either a login/logout, or restart the system, and come back here.

  • Hello again. Now verify that your user can indeed use sudo, by issuing the following command:
    sudo apt update && apt upgrade

    then pressing Enter This command will update the sources, and upgrade the system (if there are any available updates). If you've had no error, you're now able to use sudo. As a bonus, your system is up-to-date as well.

  • If the previous step worked properly, you can now disable (lock) the root account by typing
    sudo passwd -l root

    then press Enter.

And you are done.