
LinuxTechLab.com

Granting SUDO access to a local user account in RHEL/CentOS

Originally published on LinuxTechLab.com
It has always been advised that use of the root account should be limited, as root has
access to anything and everything on a Linux system. Sharing the root password with a
number of users is clearly a security threat, but root's administrative rights may
be a necessity in some cases. So we can provide some trusted users with sudo
access/administrative rights without actually sharing root's password with them.

After they are given access, trusted users can run any command prefixed with
sudo and will then be prompted for a password. Once authenticated, the command is
executed as if it had been run by the root account.

There are two ways to configure administrative access for users:

If a number of users require administrative privileges, we can add them
all to the existing administrative group named wheel.
Or, if administrative rights are only needed for a single user, then we can create
an entry for just that user.

Administrative access for a number of users


First, if they do not already exist, add all the users that require sudo/admin access,
$ useradd dan

and assign each of them a password,

$ passwd dan

Once all the users have been added, we will edit the /etc/sudoers file. The sudoers file
defines the policies applied to sudo. To edit the file, run
$ visudo

This will open the file /etc/sudoers. We now need to find the section that contains the
wheel group.
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

Search for wheel and uncomment the rule by removing the leading # (it is commented out by default).
Save and exit the file after editing it. Now we will add all our users to the group wheel.
To add a user to group wheel, run
$ usermod -aG wheel dan

Similarly, add the other users as well. Now all the added users have administrative privileges.
To check, log in as a local user and run any command with sudo in front of it,
$ su dan
$ sudo systemctl restart network

You will be presented with the following output on the screen; enter the user's
password and the command will be executed.
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for dan:

Adding only a single user


To give administrative rights to only a single user, open the /etc/sudoers file and make an
entry for the user
$ visudo
and add the following line at the bottom of the file,
dan ALL=(ALL) ALL
Save and exit the file. User dan now has administrative rights. You can check the user's
rights by using the same process as we used above.
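
After using either method, it is worth confirming who actually ended up with unrestricted sudo. The script below is an added example, not part of the original article: it lists every active "ALL=(ALL) ALL" rule in a sudoers-format file and expands %wheel to its members. The function names, the sample files and the users bob, amy and eve are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Function names, sample files
# and the users bob, amy and eve are constructed for illustration.

# Print each user or %group holding an active "ALL=(ALL) ALL" rule.
# Commented lines such as "# %wheel ALL=(ALL) ALL" grant nothing and are skipped.
full_sudo_principals() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }
        {
            who = $1; rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)  # drop the principal
            gsub(/[ \t]+/, "", rest)               # "ALL=(ALL) ALL" -> "ALL=(ALL)ALL"
            tag = (rest ~ /NOPASSWD:/) ? " NOPASSWD" : ""
            sub(/(NO)?PASSWD:/, "", rest)
            if (rest ~ /^ALL=\(ALL(:ALL)?\)ALL$/) print who tag
        }' "$1"
}

# Expand %group principals to the members listed in a group file (/etc/group
# format). Users who have the group only as their primary group are not listed there.
effective_admins() {
    full_sudo_principals "$1" | while read -r who tag; do
        case $who in
            %*) awk -F: -v g="${who#%}" '$1 == g { n = split($4, m, ",")
                    for (i = 1; i <= n; i++) print m[i] }' "$2" ;;
            *)  printf '%s\n' "$who" ;;
        esac
    done | sort -u
}

# Constructed sample input, so the audit runs without touching /etc.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
Defaults   !visiblepw
root    ALL=(ALL)       ALL
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
# %ops  ALL=(ALL)       NOPASSWD: ALL
amy     ALL=(ALL)       ALL
eve     ALL=(ALL)       /usr/bin/systemctl restart network
EOF
printf '%s\n' 'wheel:x:10:dan,bob' 'ops:x:1001:eve' > "$SAMPLE_DIR/group"

full_sudo_principals "$SAMPLE_DIR/sudoers"
effective_admins "$SAMPLE_DIR/sudoers" "$SAMPLE_DIR/group"
```

On a real host, run the two functions as root against /etc/sudoers and /etc/group. Rules in files under /etc/sudoers.d are not read by this script and need the same check.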
