Granting SUDO access to a local user account in RHEL/CentOS

Last updated on March 12th, 2018 at 08:29 pm

It has always been advised that use of the ‘root’ account be limited, since root has access to anything & everything on a Linux system. Sharing the root password with a number of users is clearly a security threat, but root’s administrative rights may be a necessity in some cases. So we can give some trusted users sudo access/administrative rights without actually sharing root’s password with them.

Once they have been given access, trusted users can run any command prefixed with ‘sudo’ & will then be prompted for a password. Once authenticated, the command is executed as if it had been run by the root account.

There are two ways to configure administrative access for users:

  • If a number of users require administrative privileges, we can add them all to an already created administrative group named “wheel”,
  • Or if administrative rights are only needed for a single user, then we can create an entry for just that user.

 

Administrative access to number of users

First, if they do not already exist, create all the users that require sudo/admin access,

$ useradd dan

& assign them a password,

$ passwd dan

Once all the users have been added, we will edit the /etc/sudoers file. The sudoers file defines the policies applied to ‘sudo’. To edit the file, run

$ visudo

This will open the file /etc/sudoers; we now need to find the section that contains the ‘wheel’ group.

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

Search for ‘wheel’ & uncomment the ‘%wheel’ line by removing the leading ‘#’ (it’s commented by default). Save & then exit the file after editing it. Now we will add all our users to the group ‘wheel’.

To add a user to group ‘wheel’, run

$ usermod -aG wheel dan

Similarly, add the other users as well. Now all the added users have administrative privileges.

To check, log in as a local user & run any command with sudo in front of it,

$ su dan
$ sudo systemctl restart network

You will be presented with the following output on the screen; enter the user’s password & the command will be executed.

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
 
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
 
[sudo] password for dan:

 

Adding only a single user

To add only a single user with administrative rights, open ‘/etc/sudoers’ file & make an entry for the user

$ visudo

& add the following line at the bottom of the file,

dan        ALL=(ALL)       ALL

Save & exit the file. User ‘dan’ now has administrative rights. You can check the user’s rights by using the same process as we used above.
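As an added example (not part of the original article), the script below audits the result of both procedures: it lists every account that holds an active ‘ALL=(ALL) ALL’ grant, either directly or through a group such as ‘wheel’. The function names, the users ‘amy’ & ‘bob’ and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print accounts holding an active full grant ("ALL=(ALL) ALL") in a sudoers
# file, directly or through a %group entry resolved against a group file.
# Usage: sudo_admins SUDOERS_FILE GROUP_FILE
# Limits: #includedir drop-ins and primary-group membership are not followed.
sudo_admins() {
    awk '
        # First file (group database): name:passwd:gid:member1,member2
        FNR == NR { split($0, f, ":"); members[f[1]] = f[4]; next }
        # Second file (sudoers): skip comments and blank lines, so the
        # commented "# %wheel ..." line grants nothing until uncommented.
        /^[ \t]*#/ || NF == 0 { next }
        # Count only full grants of the form shown in the article.
        $2 ~ /^ALL=\(ALL(:ALL)?\)$/ && $3 == "ALL" {
            if ($1 ~ /^%/) {
                n = split(members[substr($1, 2)], m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            } else print $1
        }
    ' "$2" "$1" | sort -u
}

# Constructed sample files: a group database, a sudoers file with the wheel
# line still commented, and the same file after both edits in the article.
make_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:dan,amy
users:x:100:bob
EOF
    cat > "$1/sudoers.before" <<'EOF'
root    ALL=(ALL)       ALL
## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
EOF
    sed 's/^# %wheel/%wheel/' "$1/sudoers.before" > "$1/sudoers.after"
    echo 'bob        ALL=(ALL)       ALL' >> "$1/sudoers.after"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "before:"; sudo_admins "$demo_dir/sudoers.before" "$demo_dir/group"
echo "after:";  sudo_admins "$demo_dir/sudoers.after" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a real system, call sudo_admins with /etc/sudoers & /etc/group as root (the sudoers file is not readable by ordinary users) & compare the list against the users you intended to trust.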

 


Shusain
