diff --git a/Dockerfile b/Dockerfile
index b872ca8..93bac9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,8 @@ RUN \
  apt-get install -y \
 	git \
 	nano \
-	net-tools && \
+	net-tools \
+	sudo && \
  echo "**** install code-server ****" && \
  if [ -z ${CODE_RELEASE+x} ]; then \
 	CODE_RELEASE=$(curl -sX GET "https://api.github.com/repos/cdr/code-server/releases/latest" \
diff --git a/README.md b/README.md
index 5ff8bc2..af92fca 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,7 @@ docker create \
   -e PGID=1000 \
   -e TZ=Europe/London \
   -e PASSWORD=password `#optional` \
+  -e SUDO_PASSWORD=password `#optional` \
   -p 8443:8443 \
   -v /path/to/appdata/config:/config \
   --restart unless-stopped \
@@ -81,6 +82,7 @@ services:
       - PGID=1000
       - TZ=Europe/London
       - PASSWORD=password #optional
+      - SUDO_PASSWORD=password #optional
     volumes:
       - /path/to/appdata/config:/config
     ports:
@@ -98,7 +100,8 @@ Container images are configured using parameters passed at runtime (such as thos
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London |
-| `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth |
+| `-e PASSWORD=password` | Optional web gui password, if not provided, there will be no auth. |
+| `-e SUDO_PASSWORD=password` | If this optional variable is set, user will have sudo access in the code-server terminal with the specified password. |
 | `-v /config` | Contains all relevant configuration files. |
 
 ## User / Group Identifiers
@@ -192,5 +195,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **09.07.19:** - Add optional sudo access.
 * **01.07.19:** - Add nano.
 * **24.06.19:** - Initial Release.
diff --git a/readme-vars.yml b/readme-vars.yml
index 821d956..1a07b18 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -45,7 +45,8 @@ param_env_vars:
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth"}
+  - { env_var: "PASSWORD", env_value: "password", desc: "Optional web gui password, if not provided, there will be no auth."}
+  - { env_var: "SUDO_PASSWORD", env_value: "password", desc: "If this optional variable is set, user will have sudo access in the code-server terminal with the specified password."}
 
 optional_block_1: false
 optional_block_1_items: ""
@@ -64,5 +65,6 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "09.07.19:", desc: "Add optional sudo access." }
   - { date: "01.07.19:", desc: "Add nano." }
   - { date: "24.06.19:", desc: "Initial Release." }
diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config
index 5f5e23b..86c0422 100644
--- a/root/etc/cont-init.d/30-config
+++ b/root/etc/cont-init.d/30-config
@@ -2,7 +2,16 @@
 
 mkdir -p /config/{extensions,data,workspace,.ssh}
 
+if [ -n ${SUDO_PASSWORD} ]; then
+  echo "setting up sudo access"
+  if [ ! $(cat /etc/sudoers | grep abc) ]; then
+    echo "adding abc to sudoers"
+    echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
+  fi
+  echo "setting sudo password"
+  echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
+fi
+
 # permissions
 chown -R abc:abc \
-	/opt/code-server \
 	/config