Add / Create a Sudo User on CentOS Linux 8 sudoers

How do I add / create a sudo user on CentOS Linux 8 using the command line? How can I add a CentOS 8 user to sudoers file?

CentOS is a free and open source Enterprise Linux distro derived from upstream distro called Red Hat Enterprise Linux (RHEL). CentOS mostly used on servers and clusters. The sudo command allows users to run programs with the security privileges of another user, by default the root user. The /etc/sudoers file contains security policy for system users and group that is used by the sudo command. This page explains how to add a new sudo user on CentOS Linux 8 systems.

ADVERTISEMENTS

Procedure to add or create a sudo user on CentOS 8

  1. Open the terminal application
  2. For remote CentOS server use the ssh command and log in as the root user using either su or sudo.
  3. Create a new CentOS user named tom, run: useradd tom
  4. Set the password, execute: passwd tom
  5. Make tom user sudo user on CentOS Linux 8, run : usermod -aG wheel tom
  6. Verify it by running the id tom command

Let us see all commands and examples in details.

Log in to the CentOS server

Run ssh command:
$ ssh root@centos8-server
OR
$ ssh vivek@centos-8-server-ip
Next, log in as root user:
$ su -
OR
$ sudo -i

How To create a new sudo user on CentOS

First create a new CentOS user account from the command line. For example, create the marlena user account, run:
# adduser marlena
Set the password for marlena user by typing the following passwd command:
# passwd marlena
A new user account was created. Verify it:
# id marlena
In CentOS 8 Linux server all members of the wheel group have sudo access. So all you have to do is append user account to the wheel group using the usermod command command:
# usermod -aG wheel marlena
How to Add or Create Sudo User on CentOS Linux 8
User account marlena now have sudo privileges. Verify it by running the id command or grep command on /etc/passwd and /etc/group files:
# id marlena
# grep '^marlena' /etc/passwd
# grep '^wheel' /etc/group

How to test sudo user access

You can test sudo access as follows. Login as marlena user either using ssh or terminal:
ssh marlena@centos-8-server
## OR ##
ssh marlena@10.83.200.54
## verify current user id ##
id
## Now, gain root shell ##
sudo -i
## Verify id again ##
id
## Run command as root ##
sudo systemctl status sshd.service
sudo ls -l /root/

How To Create a Sudo User on CentOS Linux 8
After that log out:
exit

A note about supplementary groups of the new account

Furthermore, it is possible to add a new user and add it to the wheel group in a single command. For instance, add a new user named wendy and set seconday group memebership to wheel as follows:
# adduser -G wheel {userName}
# adduser -G wheel wendy
# passwd wendy
# id wendy

Sample outputs:

uid=1001(wendy) gid=1001(wendy) groups=1001(wendy),10(wheel)

How to grant or add existing user account to sudo on CentOS

Say you need to add an existing user account and grant her administrative rights. In this instance, I am going to give sudo access to an existing user named vivek by adding the user to the wheel group:
# usermod -aG wheel {username}
# usermod -aG wheel vivek
# id vivek

In other words, we used the usermod command to configure and grant sudo access for an existing user.

How to see sudo admin privileges logs

It is a good idea to delegate admin privileges using sudo as it keeps track of user account in a log file. Above all, it is a good security practice. For example, type the following grep command/egrep command/tail command:
# tail -f /var/log/secure
# grep marelna /var/log/secure
# grep marlena /var/log/secure | grep -i command

Sample outputs:

Dec  3 17:42:05 centos-8 sudo[603]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec  3 17:42:56 centos-8 sudo[691]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec  3 17:43:10 centos-8 sudo[711]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec  3 17:44:22 centos-8 sudo[720]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec  3 17:45:52 centos-8 sudo[750]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl enable nginx.service
Dec  3 17:49:57 centos-8 sudo[813]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec  3 17:50:09 centos-8 sudo[840]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls /root/
Dec  3 17:50:13 centos-8 sudo[843]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls -l /root/
Dec  3 18:17:03 centos-8 sudo[884]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/date

Similarly, security policies may log successful and failed attempts to use sudo. In addition, if an I/O plugin configured, the running command’s input and output may be recorded as well in the log file. The sudo command is better than su and keeps a detailed log for all admin tasks run by other users. Therefore, sudo is the right choice for granting admin rights on the CentOS server.

A note about deleting a user account in CentOS 8

The syntax is as follows:
# userdel -r {userName}
For instance, delete user marlena removing her admin rights granted via sudo too:
# userdel -r marlena

Conclusion

You learned how to add a new and existing user account to sudo in CentOS 8 by appending them to wheel group so that they can run admin commands. The sudo command has many more options. Therefore, see sudo help docs here. See also man pages by typing the following command:
man sudo

This entry is 5 of 6 in the Linux and Unix sudo Tutorial series. Keep reading the rest of the series:
  1. Linux Login as Superuser ( root user )
  2. How can I log in as root?
  3. Ubuntu create a new sudo user on Ubuntu Linux server
  4. Add a new user account with admin access on Linux
  5. CentOS 8 Linux create a Sudo User
  6. Ubuntu 20.04 LTS create a sudo user
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS

Comments on this entry are closed.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.