NOTE

Linux administrators often tell users that “with great power comes great responsibility,” when granting root or administrator privileges.  Be careful how you use your sudo!

Prerequisites

  • A system running CentOS 7
  • Access to a user account with root privileges

Tools/Software

  • Terminal window (click menu > applications > utilities > terminal)

Steps to Create a New Sudo User

Step 1: Login as Administrator

If you’re working on a local machine, simply log in to the system with administrator credentials.

If you’re connecting to a remote machine (over a network), open a terminal window and enter the following command:

ssh root@server_ip_address

The server_ip_address is the network IP address of the server you’re logging into. Enter your credentials when prompted.

Step 2: Create a New User

Note:  If you’re simply granting sudo privileges to an existing user, skip ahead to Step 3.

In the terminal window, type the following:

adduser UserName

Use the actual username for your new user in place of UserName.

Next, create a password for the new user by entering the following in your terminal window:

passwd UserName

The system should display a prompt in which you can set and confirm a password for your new user account.  If successful, the system should respond that “all authentication tokens updated successfully.”

NOTE

A strong password has more characters and a few special characters (such as numbers, symbols, or capitals). Make sure you’re choosing an appropriately strong password for your system. Click here for more information on strong passwords.

Step 3: Grant Sudo Privileges Through the Wheel Group

By default, CentOS 7 has a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.

Step 3a: Check That the Wheel Group is Enabled

Your CentOS 7 installation may or may not have the wheel group enabled. Open the configuration file by entering the following command into the terminal:

visudo

Scroll through the configuration file until you see the following entry:

## Allows people in group wheel to run all commands

# %wheel        ALL=(ALL)       ALL

If the second line begins with the # sign, it has been disabled and marked as a comment. Simply delete the # sign at the beginning of the second line so it looks like the following:

%wheel        ALL=(ALL)       ALL

Then save the file and exit the editor.

NOTE

If this line didn’t start with a # sign, you don’t need to make any changes. The wheel group is already enabled, and you can close the editor.

Step 3b: Add a User to the Wheel Group

Use the following command to add a user to the wheel group:

usermod –aG wheel UserName

As usual, change UserName to the name of the user receiving sudo privileges.

Step 3c: Test Sudo for the New Account

Switch to the new (or newly-elevated) user account with the su (substitute user) command:

su - UserName

Enter the password for the account, if prompted. The terminal prompt should change to include the UserName.

Enter the following command to list the contents of the /root directory:

sudo ls -la /root

The terminal should request the password for UserName. Enter it, and you should see a display of the list of directories. Since listing the contents of /root requires sudo privileges, this works as a quick way to prove that UserName can use the sudo command.

Step 4 (optional): Add User to Sudoers CentOS

If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.

Step 4a: Open the Sudoers File in an Editor

In the terminal, run the following command:

visudo

This will open the /etc/sudoers file in a text editor.

Step 4b: Add the New User

Scroll down to find the following section:

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

Right after this entry, add the following text:

UserName ALL=(ALL) ALL

Replace UserName with the username you created in Step 2. This section should look like the following:

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

UserName ALL=(ALL) ALL

Save the file and exit.

Step 4c: Test Sudo Privileges for the User Account

Switch user accounts with the su (substitute user) command:

su — UserName

Enter the password for the account, if prompted. The terminal prompt should change to include the UserName.

Enter the following command to list the contents of the /root directory:

sudo ls —la /root

Enter the password for this user when prompted.  The terminal should display a list of all the directories in the /root directory.

Conclusion

Whichever method you use, this guide should help you either create a new user with sudo privileges or modify an existing user to use sudo. If you have more than one user to elevate, you can add them one at a time in Step 3, or all at once in Step 4.

The sudo command is critical for running advanced and administrative tasks on a Linux system. While this could be done using a root user (or administrator account), most system administrators advise against operating permanently in a root account. Not only can it be a security risk, but it can also allow changes to a Linux system that can break functionality. The sudo command provides a workaround by allowing a user to temporarily elevate their privileges for a single task.

In CentOS 7, a user will need to enter a password for each sudo command they use. This is by design because allowing more than one command would bypass the security features of a regular user account.

For more information about the su or sudo commands, the CentOS 7 wiki page has a wealth of information.