I have activated root user in ubuntu and want to use ubuntu as server with no DE. For this I want to disable sudo privilege given to first user. How can I do this from command line ? I know I can use a GUI but how to do it from command line ?
I have activated root user in ubuntu and want to use ubuntu as server with no DE. For this I want to disable sudo privilege given to first user. How can I do this from command line ? I know I can use a GUI but how to do it from command line ?
The user in question has sudo privileges because it is in the admin
group. As wojox commented, you could use visudo
and remove sudo privileges from the admin group, but that would remove sudo capabilities from all members of the admin group not just the one user.
Alternatively, you can remove the user from the admin group. If screen oriented vi
is considered command line enough, run vigr
and delete the username from the appropriate line.
For a "pure" command line solution, try gpasswd
, as it administers /etc/group and can add and delete users from groups.
[email protected]:~# id -Gn username
username adm dialout cdrom plugdev lpadmin admin sambashare
# ^- the group to remove
[email protected]:~# gpasswd -d username admin
Removing user username from group admin
[email protected]:~# id -Gn username
username adm dialout cdrom plugdev lpadmin sambashare
# ^- username not a member
[email protected]:~# gpasswd -a username admin
Adding user username to group admin
[email protected]:~# id -Gn username
username adm dialout cdrom plugdev lpadmin admin sambashare
Below is my first answer before I realized there was a less dumb way to do it.
If you'd like a more complicated way to do this, you can use usermod
.
Here's a quote from the usermod
man page:
-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
A list of supplementary groups which the user is also a member of.
Each group is separated from the next by a comma, with no intervening
whitespace. The groups are subject to the same restrictions as the
group given with the -g option.
If the user is currently a member of a group which is not listed, the
user will be removed from the group. This behaviour can be changed via
the -a option, which appends the user to the current supplementary group
list.
So you have to specify all the groups for the user except for admin
.
[email protected]:~# id username
uid=1000(username) gid=1000(username) groups=1000(username),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),119(admin),122(sambashare)
[email protected]:~# usermod -G 4,20,24,46,111,122 username
[email protected]:~# id username
uid=1000(username) gid=1000(username) groups=1000(username),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),122(sambashare)
Finally, it violates the spirit of the question, but one could type users-admin
from the command line to modify users and groups.