Granting SUDO access to a local user account in RHEL/CentOS
It has always been advised that use of ‘root’ account should be limited, as root has access to anything & everything on a Linux system. And also sharing root password to a number of users is clearly a security threat, but use of root’s administrative right might be necessity in some cases. So we can provide some trusted users with sudo access/administrative rights without actually sharing root’s password with them.
After they are given the access, trusted users can then run any command prefixed with ‘sudo’ & will then be prompted for a password. Once authenticated , command is executed as if it has been executed by root account.
There are two things that we do to configure administrative access to users,
- If having a number of users that require administrative privileges , we can add them all to an already created administrative group named “wheel” ,
- Or if administrative rights are only needed for a single user, than we can only create any entry for that user.
Administrative access to number of users
Firstly if not already created, add all the users that require sudo/admin access,
& assign them password,
Once all the users have been added, we will now edit /etc/sudoers file. Sudoers file is define policies applied to ‘sudo’. To edit the file, run
This will open the file /etc/sudoers, we now need to find section that contains ‘wheel’ group.
Search for ‘wheel’ & uncomment the line by removing ‘#’ (its commented by default). Save & then exit the file after editing it. Now we will add all our users to group ‘wheel’.
To add a user to group ‘wheel’, run
Similarly, add other users as well. Now all the added users have administrative privileges
To check , log in as a local user & run any command with adding sudo before command,
You will be presented with the following output on the screen, enter the password for user & command will be executed.
Adding only a single user
To add only a single user with administrative rights, open ‘/etc/sudoers’ file & make an entry for the user
& add the following line at the bottom of the file,
Save & exit the file. User ‘dan’ now has administrative rights. You can check the user’s right by using the same process as we used above.
If having any issues or queries, please mention them in the comment box below.