Fix sudo that says user is not in sudoers
We'll check the user is in the sudo/wheel group, the sudoers file syntax, and NOPASSWD rules—or tell you when to escalate.
What you'll need
- Root access or a user who can run sudo
- Console or SSH access to the server
At a glance
- Confirm you have root or another sudo-capable user to make changes.
- Check the user is in the sudo group (Debian/Ubuntu) or wheel group (RHEL/Fedora): run `groups username`.
- Add the user: run `usermod -aG sudo username` (Debian) or `usermod -aG wheel username` (RHEL).
- The user must log out and back in (or start a new login shell) for group changes to apply.
- Check sudoers syntax with `visudo`—never edit /etc/sudoers directly with a normal editor.
Steps
Goal: Confirm the user is in the sudo/wheel group, add them if not, and check sudoers syntax.
- Confirm you have root or another sudo-capable user to make changes.
- Good: You have access. Proceed to Check user groups.
- Bad: No root access—escalate to the system administrator.
Check user groups
Goal: See if the user is in the sudo or wheel group.
- Run `groups username`. On Debian/Ubuntu, the user needs `sudo`. On RHEL/Fedora, the user needs `wheel`.
- Run `grep -E "^%sudo|^%wheel" /etc/sudoers` to see which group is configured.
- Good: User is in the group—they may need to log out and back in. Proceed to Add user to group if not.
- Bad: User is not in the group—add them.
Add user to group
Goal: Add the user to the sudo or wheel group.
- As root: `usermod -aG sudo username` (Debian/Ubuntu) or `usermod -aG wheel username` (RHEL/Fedora).
- Tell the user to log out and log back in. Group changes apply at login.
- Good: User added and has logged in again. sudo should work.
- Bad: usermod fails—check the username and that you have root.
Check sudoers
Goal: Confirm sudoers syntax and rules.
- Run `visudo -c` to check syntax. Fix any errors with `visudo`.
- Check `/etc/sudoers.d/` for deny rules or syntax errors.
- Good: Syntax is valid. If the user is in the group and has re-logged in, sudo should work.
- Bad: Syntax error—fix with visudo. Escalate if config management manages sudoers.
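The triage order above (group rule in sudoers, group membership, re-login) written as a small shell function. This is an added example, not part of the original guide: `sudoers_groups`, `diagnose` and the sample file are constructed for illustration, and only `%group` rules in the one file passed in are read (no `/etc/sudoers.d/` includes).

```shell
#!/bin/sh
# Added example (not from the original guide): triage for
# "user is not in the sudoers file". Helper names are hypothetical.

# Print groups that have an active %group rule in a sudoers-style file.
# Commented-out rules are ignored; files under /etc/sudoers.d/ are not read.
sudoers_groups() {
    sed -n 's/^%\([A-Za-z0-9_.-]*\)[[:space:]].*/\1/p' "$1" | sort -u
}

# diagnose DB_GROUPS SESSION_GROUPS SUDOERS_FILE
#   DB_GROUPS      output of `id -Gn username` (group database)
#   SESSION_GROUPS output of `id -Gn` run inside the user's existing session
diagnose() {
    granted=$(sudoers_groups "$3")
    [ -n "$granted" ] || { echo "no-group-rule"; return 0; }
    for g in $granted; do      # session already carries a granted group
        case " $2 " in *" $g "*) echo "ok:$g"; return 0 ;; esac
    done
    for g in $granted; do      # in the database, but not in this session
        case " $1 " in *" $g "*) echo "relogin:$g"; return 0 ;; esac
    done
    echo "add-to-group:$(echo $granted | tr ' ' ',')"
}

# Constructed sample sudoers content (not taken from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root    ALL=(ALL:ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%sudo   ALL=(ALL:ALL) ALL
EOF

diagnose "alice sudo" "alice"      "$SAMPLE"   # relogin:sudo
diagnose "alice"      "alice"      "$SAMPLE"   # add-to-group:sudo
diagnose "alice sudo" "alice sudo" "$SAMPLE"   # ok:sudo
```

On a real host, run it as root with `/etc/sudoers` as the third argument, and take the second argument from `id -Gn` run by the user in the session that is failing.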
When to escalate
Escalate if:
- You do not have root or console access.
- The system is managed by config management (Puppet, Ansible, etc.).
- Policy forbids adding users to sudo.
Provide `groups username` output and the relevant sudoers lines.
Verification
- The user runs `sudo whoami` and sees `root`.
- No “user is not in the sudoers file” or “not allowed to execute” message.
- `groups` shows sudo or wheel in the user’s group list after re-login.
Escalation ladder
Work from the device outward. Stop when the problem is fixed.
- Check groups: `groups username`; grep sudo/wheel in sudoers.
- Add to group: `usermod -aG` sudo or wheel.
- Re-login: User must log out and back in.
- Check sudoers: `visudo -c`; check sudoers.d.
- Escalate: No root or config management.
What to capture if you need help
Before calling support or posting for help, have these ready. It speeds everything up.
- `groups username` output
- grep sudo/wheel from /etc/sudoers
- Contents of /etc/sudoers.d/ (if any)
- Steps already tried
Reviewed by Blackbox Atlas
Frequently asked questions
- Why does sudo say user is not in sudoers?
- The user is not in the sudo or wheel group, or there is no matching rule in /etc/sudoers. On Debian/Ubuntu the sudo group grants access; on RHEL/Fedora the wheel group does.
- How do I add a user to sudoers?
- Preferred: add the user to the sudo group (Debian) or wheel group (RHEL) with `usermod -aG`. Or add a rule in `/etc/sudoers.d/` using `visudo -f`. The user must log out and back in for group changes to apply.
- What if I do not have root access?
- You need someone with root or sudo access to add you. Escalate to the system administrator. Do not attempt to modify sudoers without proper access.