Linux – Allow user to use sudo command has multiple ways, which one is better


I am a Linux Newbie, just learning it and using Debian 7.0 Wheezy.
I have seen two methods to allow user to use sudo

One is to use visudo to modify /etc/sudoers and add following

username ALL=(ALL) ALL

Another is adding user to sudo group, using this

usermod -a -G sudo username

Are both method have same impact? Is there any pros and cons of each method?

Best Answer

Both of those methods a mostly similar effect. Since the default sudoers file on Debian includes the line:

%sudo   ALL=(ALL:ALL) ALL

Granting that permission to all members of the sudo group.

A couple of differences that may matter to you.

  • When the modification takes effect. If you explicitly add the user to the sudoers file that user will be able to use those permissions immediately. If you instead add the user to the sudo group he or she will need to log out and then back in before being able to use sudo.

  • Later restrictions. If you later decide that you want to restrict what can be done with sudo for all users that will be easier if you use the group method since you can then modify just the single entry in the sudoers file rather than having separate entries for each user.