Question

14

Disable sudo permission to user from command line

rated 0 times [ 14] [ 0] / answers: 1 / hits: 64504 / 3 Years ago, wed, june 2, 2021, 6:50:09

I have activated root user in ubuntu and want to use ubuntu as server with no DE. For this I want to disable sudo privilege given to first user. How can I do this from command line ? I know I can use a GUI but how to do it from command line ?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

biryanrownies

Add To Favorites

Follow

Total Points: 396

Total Questions: 90

Total Answers: 106

Location: Saint Lucia

Member since Sun, Sep 5, 2021

3 Years ago

biryanrownies questions

1 awk or sed command to replace line break plus text containing spaces

Wed, May 10, 23, 07:13, 1 Year ago

1 Screenshot not saved

Wed, Sep 7, 22, 18:13, 2 Years ago

1 How to use echo output as a variable

Fri, Dec 3, 21, 02:50, 2 Years ago

1 resolv.conf - No DNS servers known

Sat, Feb 12, 22, 16:02, 2 Years ago

1 Installing Ubuntu 20.04 NOT alongside Ubuntu 16.04

Sat, Apr 15, 23, 09:22, 1 Year ago

View All

answered 3 Years ago cocal · Accepted Answer

The user in question has sudo privileges because it is in the admin group. As wojox commented, you could use visudo and remove sudo privileges from the admin group, but that would remove sudo capabilities from all members of the admin group not just the one user.

Alternatively, you can remove the user from the admin group. If screen oriented vi is considered command line enough, run vigr and delete the username from the appropriate line.

For a "pure" command line solution, try gpasswd, as it administers /etc/group and can add and delete users from groups.

root@toki:~# id -Gn username

username adm dialout cdrom plugdev lpadmin admin sambashare

                                         # ^- the group to remove

root@toki:~# gpasswd -d username admin

Removing user username from group admin



root@toki:~# id -Gn username

username adm dialout cdrom plugdev lpadmin sambashare

                                        # ^- username not a member

root@toki:~# gpasswd -a username admin

Adding user username to group admin

root@toki:~# id -Gn username

username adm dialout cdrom plugdev lpadmin admin sambashare

Below is my first answer before I realized there was a less dumb way to do it.

If you'd like a more complicated way to do this, you can use usermod.

Here's a quote from the usermod man page:

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

    A list of supplementary groups which the user is also a member of.

    Each group is separated from the next by a comma, with no intervening

    whitespace. The groups are subject to the same restrictions as the

    group given with the -g option.



    If the user is currently a member of a group which is not listed, the

    user will be removed from the group. This behaviour can be changed via

    the -a option, which appends the user to the current supplementary group

    list.

So you have to specify all the groups for the user except for admin.

root@toki:~# id username

uid=1000(username) gid=1000(username) groups=1000(username),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),119(admin),122(sambashare)



root@toki:~# usermod -G 4,20,24,46,111,122 username



root@toki:~# id username

uid=1000(username) gid=1000(username) groups=1000(username),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),122(sambashare)

Finally, it violates the spirit of the question, but one could type users-admin from the command line to modify users and groups.