Introduction

The “sudo” command stands for “Super User DO,” and temporarily elevates the privileges of a regular user for administrative tasks. This guide will walk you through the steps to add a user to Sudoers in CentOS.

how- o create a sudo user in centOS

Prerequisites

  • A system running CentOS 7
  • Access to a user account with root privileges

Add User to Sudo Group

Step 1: Login as Administrator

If you’re working on a local machine, log in to the system with administrator credentials.

If you’re connecting to a remote machine (over a network), open a terminal window and enter the command: ssh root@server_ip_address

The server_ip_address is the network IP address of the server you’re logging into. Enter your credentials when prompted.

Step 2: Create a New User

Note:  If you’re granting sudo privileges to an existing user, skip ahead to Step 3.

In the terminal window, type the following: adduser UserName

Use the actual username for your new user in place of UserName.

Next, create a password for the new user by entering the following in your terminal window: passwd UserName

The system should display a prompt in which you can set and confirm a password for your new user account.  If successful, the system should respond that “all authentication tokens updated successfully.”

NOTE: A strong secure password has more characters and a few special characters (such as numbers, symbols, or capitals). Make sure you’re choosing an appropriately strong password for your system. Click here for more information on strong passwords.

Step 3: Grant Sudo Privileges Through the Wheel Group

By default, CentOS 7 has a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.

Step 3a: Verify the Wheel Group is Enabled

Your CentOS 7 installation may or may not have the wheel group enabled.

Open the configuration file by entering the command: visudo

Scroll through the configuration file until you see the following entry:

## Allows people in group wheel to run all commands

# %wheel        ALL=(ALL)       ALL

If the second line begins with the # sign, it has been disabled and marked as a comment. Just delete the # sign at the beginning of the second line so it looks like the following:

%wheel        ALL=(ALL)       ALL

Then save the file and exit the editor.

NOTE

If this line didn’t start with a # sign, you don’t need to make any changes. The wheel group is already enabled, and you can close the editor.

Step 3b: Add User to  Wheel Group

To add a user to the wheel group: usermod –aG wheel UserName

As usual, change the UserName to the name of the user receiving sudo privileges.

Step 3c: Test Sudo for the New Account

Switch to the new (or newly-elevated) user account with the su (substitute user) command: su - UserName

Enter the password if prompted. The terminal prompt should change to include the UserName.

Enter the following command to list the contents of the /root directory: sudo ls -la /root

The terminal should request the password for UserName. Enter it, and you should see a display of the list of directories. Since listing the contents of /root requires sudo privileges, this works as a quick way to prove that UserName can use the sudo command.

Alternative: Add User to Sudoers Configuration File

If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.

Step 1: Open the Sudoers File in an Editor

In the terminal, run the following command: visudo

This will open the /etc/sudoers file in a text editor.

Step 2: Add the New User

Scroll down to find the following section:

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

Right after this entry, add the following text:

UserName ALL=(ALL) ALL

Replace UserName with the username you created in Step 2. This section should look like the following:

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

UserName ALL=(ALL) ALL

Save the file and exit.

Step 3: Test Sudo Privileges for the User Account

Switch user accounts with the su (substitute user) command: su — UserName

Enter the password for the account, if prompted. The terminal prompt should change to include the UserName.

List the contents of the /root directory: sudo ls —la /root

Enter the password for this user when prompted. The terminal should display a list of all the directories in the /root directory.

Conclusion

This guide showed you how to add a user to Sudoers in CentOS or modify privileges of an existing sudo user.

The sudo command is critical for running advanced and administrative tasks on a Linux system. While this could be done using a root user (or administrator account), most system administrators advise against operating permanently in a root account. Not only can it be a security risk, but it can also allow changes to a Linux system that can break functionality. The sudo command provides a workaround by allowing a user to elevate their privileges for a single task temporarily.

In CentOS, a user needs to enter a password for each sudo command. This is by design because allowing more than one command would bypass the security features of a regular user account.

For more information about the su or sudo commands, the CentOS wiki page has a wealth of information.

Next, You Should Read:

Share
Tweet
Share
+1
0 Shares