diff --git a/makeanything.sh b/makeanything.sh
index 94ff8ec..9a32622 100755
--- a/makeanything.sh
+++ b/makeanything.sh
@@ -65,6 +65,7 @@ apt install -y --no-install-recommends \\
 	man \\
 	console-data \\
 	locales \\
+	sudo \\
 	xserver-xorg \\
 	jwm \\
 	xdm \\
@@ -88,7 +89,7 @@ apt install -y --no-install-recommends \\
 	/tmp/xdgmenumaker*.deb
 
 echo -e "debian\ndebian" | (passwd root)
-useradd -m -s /bin/bash debian
+useradd -m -U -s /bin/bash debian
 echo -e "debian\ndebian" | (passwd debian)
 ### Configure timezone and locale
 #dpkg-reconfigure locales
@@ -110,6 +111,9 @@ $CHROOTCMD /bin/bash /tmp/install_base.sh || error
 message "copy nanodesk config files into chroot"
 sudo cp -r src/* build/chroot/
 
+message "correct file permissions"
+$CHROOTCMD /usr/bin/chmod 440 /etc/sudoers
+
 ### liveboot part, https://www.willhaley.com/blog/custom-debian-live-environment/
 message "checking liveboot directories"
 for dir in $(echo build/{staging/{EFI/BOOT,boot/grub/x86_64-efi,isolinux,live},tmp})
diff --git a/src/etc/sudoers b/src/etc/sudoers
new file mode 100644
index 0000000..2e23d75
--- /dev/null
+++ b/src/etc/sudoers
@@ -0,0 +1,27 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults	env_reset
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+debian	ALL=(ALL) NOPASSWD: ALL
+# Cmnd alias specification
+
+# User privilege specification
+root	ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo	ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "@include" directives:
+
+@includedir /etc/sudoers.d