ErrorNotes

How to Fix the 'User is not in the sudoers file' Error on Linux

beginner🐧 Linux2026-04-04| Linux distributions (Ubuntu, Debian, CentOS, RHEL, Fedora, Arch Linux)

Error Message

User is not in the sudoers file. This incident will be reported.
#linux#sudo#sysadmin#ubuntu#centos

The 2 AM Wall

You’re deep into a server configuration, perhaps trying to patch a security hole or install a new Docker container. You type sudo apt update, hit enter, and provide your password. Instead of the usual list of mirrors, you get a blunt rejection:

User is not in the sudoers file. This incident will be reported.

Despite the ominous phrasing, no police are coming to your door. The "incident" is simply a 2KB log entry written to /var/log/auth.log (on Debian/Ubuntu) or /var/log/secure (on RHEL/CentOS). The real issue is that your user account lacks the specific "keys to the kingdom" required to run commands as root.

The 30-Second Fix

If you have the root password or access to another admin account, you can resolve this in seconds. Run these commands to grant your user the necessary permissions:

  • Elevate to root: su -
  • For Ubuntu/Debian/Arch: usermod -aG sudo username
  • For CentOS/RHEL/Fedora: usermod -aG wheel username
  • Log out and back in to refresh your group membership.

Why Linux Blocked You

Linux relies on the sudo (superuser do) utility to maintain the principle of least privilege. Rather than everyone logging in as root—which is a massive security risk—users are granted temporary administrative powers. The /etc/sudoers file acts as the gatekeeper for these permissions.

Your error occurs because your username isn't listed in that file, and you aren't part of a group that has been granted access. Most systems default to using the sudo or wheel groups to manage this. If you aren't in those groups, the system treats you as a standard, restricted user.

Methods to Restore Access

Method 1: The Group Membership Approach

Adding a user to a pre-defined administrative group is the cleanest solution. It keeps the sudoers file tidy and is easy to audit.

On Ubuntu and Debian:

su -
usermod -aG sudo your_username

On CentOS, Fedora, and RHEL:

su -
usermod -aG wheel your_username

A vital warning: Always use the -a (append) flag with -G. If you run usermod -G wheel username without the -a, you will accidentally remove that user from every other group they belong to, including docker, vboxusers, or www-data.

Method 2: Editing the Sudoers File Safely

Sometimes you need to grant permissions to a specific user without putting them in a broad administrative group. To do this, you must edit /etc/sudoers. However, you should never open this file with a standard editor like nano or vim.

Instead, use visudo. This utility locks the file against other changes and, more importantly, checks your syntax before saving. A single missing space in this file can lock every user out of sudo access.

  • Open the editor: su -c "visudo"
  • Find the section for user specifications.
  • Add this line at the bottom:

your_username ALL=(ALL:ALL) ALL

  
  - Save and exit. `visudo` will notify you if you've made a typo that could break the system.

### Method 3: The "No Root Password" Emergency Fix
If you've lost the root password and don't have sudo access, you are effectively locked out. On a cloud provider like AWS, you might need to attach the volume to another instance. If you have physical access (or a virtual console), you can boot into a root shell:

  - Restart the machine and tap `Shift` or `Esc` to bring up the GRUB menu.
  - Select your kernel and press `e` to edit the boot parameters.
  - Locate the line starting with `linux`. Append `rw init=/bin/bash` to the end.
  - Press `Ctrl+X` to boot. You will land in a root prompt without being asked for a password.
  - Add your user back to the group: `usermod -aG sudo your_username`.
  - Type `exec /sbin/init` to resume normal booting.

## Verifying the Change
Group changes don't apply to your current session. You must log out completely or run `su - your_username` to start a fresh session. To verify, run:

groups


On Ubuntu, you should see `27(sudo)` in the output. Finally, test it with a simple command: `sudo whoami`. If the terminal prints `root`, your permissions are restored.

## Best Practices for the Future
Managing Linux permissions is a balancing act. While fixing these issues, I often use a [Unix Permissions Calculator](https://toolcraft.app/en/tools/developer/unix-permissions) to visualize how `chmod` values like `755` or `664` affect different user tiers. It's a great way to avoid the "just 777 it" temptation, which creates massive security holes.

To avoid getting locked out again:

  - **Keep a backup admin:** Always ensure at least two accounts have sudo access.
  - **The "Second Terminal" Rule:** When editing `/etc/sudoers`, keep your current terminal window open. Open a *second* window and test `sudo` there. If you broke something, you still have the first window to fix the error.
  - **Prefer Groups:** Managing access via the `wheel` or `sudo` groups is significantly less error-prone than editing the `sudoers` file for every new user.

Related Error Notes

Fix "Operation not permitted" When Root Can't Delete or Modify Files (chattr Immutable Flag)

rm: cannot remove 'config.conf': Operation not permitted

Fixing the 'GLIBC_2.34 Not Found' Error: 4 Practical Solutions

/lib/x86_64-linux-gnu/libc.so.6: version 'GLIBC_2.34' not found

Fixing 'umount: target is busy' Error on Linux

umount: /mnt/data: target is busy.