Introduction
This guide will walk you through the steps to create or add a sudo user on CentOS 7.
The “sudo” command stands for “Super User DO,” and temporarily elevates the privileges of a regular user for administrative tasks.
NOTE
Linux administrators often tell users that “with great power comes great responsibility,” when granting root or administrator privileges. Be careful how you use your sudo!
Prerequisites
- A system running CentOS 7
- Access to a user account with root privileges
Tools/Software
- Terminal window (click menu > applications > utilities > terminal)
Steps to Create a New Sudo User
Step 1: Login as Administrator
If you’re working on a local machine, simply log in to the system with administrator credentials.
If you’re connecting to a remote machine (over a network), open a terminal window and enter the following command:
ssh root@server_ip_address
The server_ip_address is the network IP address of the server you’re logging into. Enter your credentials when prompted.
Step 2: Create a New User
Note: If you’re simply granting sudo privileges to an existing user, skip ahead to Step 3.
In the terminal window, type the following:
adduser UserName
Use the actual username for your new user in place of UserName.
Next, create a password for the new user by entering the following in your terminal window:
passwd UserName
The system should display a prompt in which you can set and confirm a password for your new user account. If successful, the system should respond that “all authentication tokens updated successfully.”
NOTE
A strong password has more characters and a few special characters (such as numbers, symbols, or capitals). Make sure you’re choosing an appropriately strong password for your system. Click here for more information on strong passwords.
Step 3: Grant Sudo Privileges Through the Wheel Group
By default, CentOS 7 has a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.
Step 3a: Check That the Wheel Group is Enabled
Your CentOS 7 installation may or may not have the wheel group enabled. Open the configuration file by entering the following command into the terminal:
visudo
Scroll through the configuration file until you see the following entry:
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
If the second line begins with the # sign, it has been disabled and marked as a comment. Simply delete the # sign at the beginning of the second line so it looks like the following:
%wheel ALL=(ALL) ALL
Then save the file and exit the editor.
NOTE
If this line didn’t start with a # sign, you don’t need to make any changes. The wheel group is already enabled, and you can close the editor.
Step 3b: Add a User to the Wheel Group
Use the following command to add a user to the wheel group:
usermod –aG wheel UserName
As usual, change UserName to the name of the user receiving sudo privileges.
Step 3c: Test Sudo for the New Account
Switch to the new (or newly-elevated) user account with the su (substitute user) command:
su - UserName
Enter the password for the account, if prompted. The terminal prompt should change to include the UserName.
Enter the following command to list the contents of the /root directory:
sudo ls -la /root
The terminal should request the password for UserName. Enter it, and you should see a display of the list of directories. Since listing the contents of /root requires sudo privileges, this works as a quick way to prove that UserName can use the sudo command.
Step 4 (optional): Add User to Sudoers CentOS
If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.
Step 4a: Open the Sudoers File in an Editor
In the terminal, run the following command:
visudo
This will open the /etc/sudoers file in a text editor.
Step 4b: Add the New User
Scroll down to find the following section:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Right after this entry, add the following text:
UserName ALL=(ALL) ALL
Replace UserName with the username you created in Step 2. This section should look like the following:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
UserName ALL=(ALL) ALL
Save the file and exit.
Step 4c: Test Sudo Privileges for the User Account
Switch user accounts with the su (substitute user) command:
su — UserName
Enter the password for the account, if prompted. The terminal prompt should change to include the UserName.
Enter the following command to list the contents of the /root directory:
sudo ls —la /root
Enter the password for this user when prompted. The terminal should display a list of all the directories in the /root directory.
Conclusion
Whichever method you use, this guide should help you either create a new user with sudo privileges or modify an existing user to use sudo. If you have more than one user to elevate, you can add them one at a time in Step 3, or all at once in Step 4.
The sudo command is critical for running advanced and administrative tasks on a Linux system. While this could be done using a root user (or administrator account), most system administrators advise against operating permanently in a root account. Not only can it be a security risk, but it can also allow changes to a Linux system that can break functionality. The sudo command provides a workaround by allowing a user to temporarily elevate their privileges for a single task.
In CentOS 7, a user will need to enter a password for each sudo command they use. This is by design because allowing more than one command would bypass the security features of a regular user account.
For more information about the su or sudo commands, the CentOS 7 wiki page has a wealth of information.