CentOS / Red Hat: Sudo Allows People In Group Admin To Run All Commands

I like the way Ubuntu Linux works – all people in admin groups should be able to run all commands after running it via sudo “command-name”. How do I set up sudo under CentOS or Red Hat Enterprise Linux to allow all members of the ‘admin’ group to run all commands?


The /etc/sudoers file allows particular users or groups to run various commands as the root user, without needing the root password. This is useful for delegating roles and permissions to other users without sharing the root password. This file must be edited with the visudo command. Log in as the root user and enter:

# visudo
Append the following line:

## Allows people in group admin to run all commands
%admin  ALL=(ALL)       ALL

Save and close the file. Finally, add a group called admin:
# groupadd admin
Add a user called vivek (existing user) to group admin:
# usermod -a -G admin vivek
Verify group membership:
# id vivek
Sample Outputs:

uid=5001(vivek) gid=5001(vivek) groups=5001(vivek),10(admin)

Log in as user vivek; to run any command as root, type:
$ sudo /etc/init.d/httpd restart
To gain a root shell, enter:
$ sudo -s
When prompted for a password, enter vivek’s password.

How Do I Keep Track Of All Users In Admin Group?

sudo can log both successful and unsuccessful attempts (as well as errors) to syslog (default is /var/log/secure), a log file, or both. By default sudo will log via syslog but this is changeable at configure time or via the sudoers file.
# tail -f /var/log/secure
# grep something /var/log/secure

Please note that sudo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell will not be logged, nor will sudo’s access control affect them. The same is true for commands that offer shell escapes (including most editors).
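
The caveat above, as an added example that is not part of the original article: this shell function scans sudo's syslog lines for entries where the logged command is a shell, su, or a program with a shell escape, since nothing run after that point is recorded. The log lines are constructed samples, the function names are hypothetical, and the program list is an illustrative assumption, not exhaustive.

```shell
#!/bin/sh
# Added example: find sudo log entries after which activity is no longer logged.

# Constructed sample lines in sudo's syslog format (as seen in /var/log/secure).
sample_log() {
cat <<'EOF'
Aug 18 09:31:02 web1 sudo:    vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=/etc/init.d/httpd restart
Aug 18 09:32:10 web1 sudo:    vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Aug 18 09:40:55 web1 sudo:    alice : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su -
Aug 18 09:41:30 web1 sudo:    alice : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
Aug 18 09:45:00 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Aug 18 09:46:12 web1 sshd[2211]: Accepted password for vivek from 192.0.2.10 port 50222 ssh2
EOF
}

# Print "user<TAB>reason<TAB>command" for each matching entry.
# Reads the files given as arguments, or stdin when there are none.
sudo_untracked() {
    awk '
    / sudo[^ ]*: / && /COMMAND=/ {
        line = $0
        sub(/^.* sudo[^ ]*: +/, "", line)        # drop timestamp, host, tag
        # Denied attempts ran nothing, so there is no shell to worry about.
        if (line ~ /NOT in sudoers|command not allowed|incorrect password/) next
        user = line; sub(/ +:.*$/, "", user)     # text before the first " :"
        cmd = line;  sub(/^.*COMMAND=/, "", cmd) # full command as logged
        prog = cmd;  sub(/ .*$/, "", prog); sub(/^.*\//, "", prog)  # basename
        # The editor/pager list is illustrative, not exhaustive.
        reason = ""
        if (prog ~ /^(sh|bash|dash|ksh|zsh|csh|tcsh)$/)  reason = "shell"
        else if (prog == "su")                           reason = "su"
        else if (prog ~ /^(vi|vim|emacs|ed|less|more)$/) reason = "shell-escape"
        if (reason != "") printf "%s\t%s\t%s\n", user, reason, cmd
    }' "$@"
}

# Demo on the constructed sample; on a real host: sudo_untracked /var/log/secure
sample_log | sudo_untracked
```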

6 comments
  • Stefan Näwe Aug 18, 2009 @ 8:07

    Is that command really called groupmod ?
    I had to use usermod -a -G admin username

    Regards,
    Stefan

  • 🐧 nixCraft Aug 18, 2009 @ 9:31

    @ Stefan,

    Thanks for the heads-up!

  • Saif Aug 18, 2009 @ 10:50

    It's quite useful... thanks :)

  • Aaron Brown Aug 19, 2009 @ 1:26

    Traditionally, the group “wheel” is used as the admin group. It is commented out in /etc/sudoers – just uncomment it and add users to it by editing /etc/group.

  • alireza sadeh seighalan Aug 19, 2009 @ 19:47

    Hi dear

    thanks a lot

  • Mohan Sahu Aug 26, 2009 @ 7:14

    ThanQ so much
