How to Revoke Sudo Privileges from a User in Ubuntu

Managing administrative access is crucial for maintaining system security on Ubuntu. This article provides a direct guide on how to remove sudo privileges from a specific user account. You will learn how to remove a user from the sudo group and how to edit the sudoers file if custom configurations were applied, ensuring only authorized personnel retain elevated permissions.

Remove User from Sudo Group

In standard Ubuntu installations, sudo access is granted by adding a user to the sudo group. To revoke this access, you need to remove the user from this group. Log in with an account that still has sudo privileges or switch to the root user.

Run the following command, replacing username with the actual account name:

sudo gpasswd -d username sudo

Alternatively, you can use the usermod command:

sudo usermod -g - sudo username

Edit the Sudoers File

If the user was granted privileges directly in the sudoers file rather than through group membership, you must edit the configuration file. Always use the visudo command to edit this file, as it checks for syntax errors before saving.

Execute the following command:

sudo visudo

Locate the line containing the username. It may look like username ALL=(ALL:ALL) ALL. Delete this line or comment it out by adding a # at the beginning. Save and exit the editor.

Verify Privilege Revocation

To confirm the changes have taken effect, switch to the user account or ask them to attempt a sudo command.

su - username
sudo whoami

If the privileges were successfully revoked, the system will return an error message stating that the user is not in the sudoers file. Ensure you test this carefully to avoid locking yourself out of administrative access.