CentOS is a free and open source Enterprise Linux distro derived from the upstream distro Red Hat Enterprise Linux (RHEL). CentOS is mostly used on servers and clusters. The sudo command allows users to run programs with the security privileges of another user, by default the root user. The /etc/sudoers file contains the security policy for system users and groups that is used by the sudo command. This page explains how to add a new sudo user on CentOS Linux 8 systems.
Procedure to add or create a sudo user on CentOS 8
- Open the terminal application
- For a remote CentOS server, use the ssh command and log in as the root user using either su or sudo.
- Create a new CentOS user named tom, run: useradd tom
- Set the password, execute: passwd tom
- Make the tom user a sudo user on CentOS Linux 8, run: usermod -aG wheel tom
- Verify it by running the id tom command
Let us see all commands and examples in detail.
Log in to the CentOS server
Run ssh command:
$ ssh root@centos8-server
OR
$ ssh vivek@centos-8-server-ip
Next, log in as root user:
$ su -
OR
$ sudo -i
How To create a new sudo user on CentOS
First, create a new CentOS user account from the command line. For example, to create the marlena user account, run:
# adduser marlena
Set the password for marlena user by typing the following passwd command:
# passwd marlena
A new user account was created. Verify it:
# id marlena
On a CentOS 8 Linux server, all members of the wheel group have sudo access. So all you have to do is append the user account to the wheel group using the usermod command:
# usermod -aG wheel marlena
The user account marlena now has sudo privileges. Verify it by running the id command or the grep command on the /etc/passwd and /etc/group files:
# id marlena
# grep '^marlena' /etc/passwd
# grep '^wheel' /etc/group
How to test sudo user access
You can test sudo access as follows. Log in as the marlena user using either ssh or a terminal:
ssh marlena@centos-8-server
## OR ##
ssh marlena@10.83.200.54
## verify current user id ##
id
## Now, gain root shell ##
sudo -i
## Verify id again ##
id
## Run command as root ##
sudo systemctl status sshd.service
sudo ls -l /root/
After that log out:
exit
A note about supplementary groups of the new account
Furthermore, it is possible to add a new user and add it to the wheel group in a single command. For instance, add a new user named wendy and set the secondary group membership to wheel as follows:
# adduser -G wheel {userName}
# adduser -G wheel wendy
# passwd wendy
# id wendy
Sample outputs:
uid=1001(wendy) gid=1001(wendy) groups=1001(wendy),10(wheel)
How to grant or add existing user account to sudo on CentOS
Say you need to add an existing user account and grant her administrative rights. In this instance, I am going to give sudo access to an existing user named vivek by adding the user to the wheel group:
# usermod -aG wheel {username}
# usermod -aG wheel vivek
# id vivek
In other words, we used the usermod command to configure and grant sudo access for an existing user.
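An added example, not from the original article: grep '^wheel' /etc/group only lists supplementary members, so this script also picks up accounts whose primary group is wheel and compares the result with an approved list. The svcadmin account, the approved-list file and the function names are hypothetical, and the sample files are constructed.

```bash
#!/bin/bash
# Added example: list every account that gets sudo through the wheel group.
# File arguments default to the live system files; pass copies to run offline.

wheel_members() {
  group_file=${1:-/etc/group}
  passwd_file=${2:-/etc/passwd}
  gid=$(awk -F: '$1 == "wheel" { print $3 }' "$group_file")
  {
    # Supplementary members: comma-separated 4th field of the wheel entry.
    awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
    # Accounts whose primary GID is wheel are not listed in /etc/group.
    if [ -n "$gid" ]; then
      awk -F: -v g="$gid" '$4 == g { print $1 }' "$passwd_file"
    fi
  } | sort -u
}

# Print wheel members missing from the approved list (one name per line).
unexpected_admins() {
  approved_file=$1
  shift
  wheel_members "$@" | grep -vxFf "$approved_file" || true
}

# Constructed sample files; svcadmin is a hypothetical account with primary GID 10.
demo() {
  d=$(mktemp -d)
  printf '%s\n' 'root:x:0:' 'wheel:x:10:vivek,marlena,wendy' 'tom:x:1003:' > "$d/group"
  printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'marlena:x:1000:1000::/home/marlena:/bin/bash' \
    'svcadmin:x:1004:10::/home/svcadmin:/bin/bash' > "$d/passwd"
  printf '%s\n' vivek marlena > "$d/approved"
  unexpected_admins "$d/approved" "$d/group" "$d/passwd"
  rm -rf "$d"
}

demo
```

On a live server, run `wheel_members` with no arguments as root to read /etc/group and /etc/passwd directly.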
How to see sudo admin privileges logs
It is a good idea to delegate admin privileges using sudo, as it keeps track of what each user account runs in a log file. Above all, it is a good security practice. For example, type the following tail command or grep command:
# tail -f /var/log/secure
# grep marlena /var/log/secure
# grep marlena /var/log/secure | grep -i command
Sample outputs:
Dec 3 17:42:05 centos-8 sudo[603]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:42:56 centos-8 sudo[691]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:43:10 centos-8 sudo[711]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec 3 17:44:22 centos-8 sudo[720]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:45:52 centos-8 sudo[750]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl enable nginx.service
Dec 3 17:49:57 centos-8 sudo[813]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:50:09 centos-8 sudo[840]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls /root/
Dec 3 17:50:13 centos-8 sudo[843]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls -l /root/
Dec 3 18:17:03 centos-8 sudo[884]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/date
Similarly, security policies may log successful and failed attempts to use sudo. In addition, if an I/O plugin is configured, the running command’s input and output may be recorded in the log file as well. The sudo command is better than su and keeps a detailed log for all admin tasks run by other users. Therefore, sudo is the right choice for granting admin rights on the CentOS server.
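An added example, not part of the original article: the script below parses sudo entries in the /var/log/secure format shown above, separates allowed from denied attempts and tags root shells. The first three sample lines come from the output above; the two denial lines, the dnf command in them and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: classify sudo entries from /var/log/secure-style input.

# First three lines are from the sample output above; the last two are
# constructed to show the two denial messages sudo writes.
sample_log() {
cat <<'EOF'
Dec 3 17:42:05 centos-8 sudo[603]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:43:10 centos-8 sudo[711]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec 3 17:50:13 centos-8 sudo[843]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls -l /root/
Dec 3 18:20:41 centos-8 sudo[902]: wendy : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/wendy ; USER=root ; COMMAND=/bin/dnf install nginx
Dec 3 18:21:07 centos-8 sudo[915]: marlena : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
EOF
}

# Emit one tab-separated record per sudo entry:
#   status  user  run-as  kind  command
sudo_events() {
  awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
      msg = $0
      sub(/^.* sudo(\[[0-9]+\])?: */, "", msg)       # drop timestamp, host, sudo[pid]:
      cmd = substr(msg, index(msg, "COMMAND=") + 8)   # command may itself contain " ; "
      n = split(msg, f, / ; /)
      split(f[1], head, / : /)                        # "user : TTY=..." or "user : reason"
      status = (head[2] ~ /^TTY=/) ? "ALLOWED" : "DENIED"
      runas = "?"
      for (i = 1; i <= n; i++) if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
      exe = cmd; sub(/ .*/, "", exe); sub(/^.*\//, "", exe)
      kind = (exe ~ /^(ba|z|k|da)?sh$/) ? "shell" : "command"
      printf "%s\t%s\t%s\t%s\t%s\n", status, head[1], runas, kind, cmd
    }'
}

# Allowed root shells per user. Commands typed inside such a shell are not
# logged by sudo unless I/O logging is configured.
shell_sessions() {
  sudo_events | awk -F'\t' '$1 == "ALLOWED" && $4 == "shell" { c[$2]++ }
    END { for (u in c) print u, c[u] }' | sort
}

sample_log | sudo_events
sample_log | shell_sessions
```

On a server, feed the real log instead of the sample, for example `sudo_events < /var/log/secure` as root.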
A note about deleting a user account in CentOS 8
The syntax is as follows:
# userdel -r {userName}
For instance, delete the user marlena, which also removes her admin rights granted via sudo:
# userdel -r marlena
Conclusion
You learned how to add a new or existing user account to sudo in CentOS 8 by appending it to the wheel group so that the user can run admin commands. The sudo command has many more options. Therefore, see the sudo help docs. See also the man pages by typing the following command:
man sudo