Add / Create a Sudo User on CentOS Linux 8 sudoers




Procedure to add or create a sudo user on CentOS 8

1. Open the terminal application.
2. For a remote CentOS server, use the ssh command and log in as the root user using either su or sudo.
3. Create a new CentOS user named tom, run: useradd tom
4. Set the password, execute: passwd tom
5. Make the tom user a sudo user on CentOS Linux 8, run: usermod -aG wheel tom
6. Verify it by running the id tom command.

How do I add / create a sudo user on CentOS Linux 8 using the command line? How can I add a CentOS 8 user to the sudoers file?

CentOS is a free and open source Enterprise Linux distro derived from an upstream distro called Red Hat Enterprise Linux (RHEL). CentOS is mostly used on servers and clusters. The sudo command allows users to run programs with the security privileges of another user, by default the root user. The /etc/sudoers file contains the security policy for system users and groups that is used by the sudo command. This page explains how to add a new sudo user on CentOS Linux 8 systems.

Let us see all commands and examples in detail.

Log in to the CentOS server

Run ssh command:

$ ssh root@centos8-server

OR

$ ssh vivek@centos-8-server-ip

Next, log in as root user:

$ su -

OR

$ sudo -i

How to create a new sudo user on CentOS

First create a new CentOS user account from the command line. For example, create the marlena user account, run:

# adduser marlena

Set the password for marlena user by typing the following passwd command:

# passwd marlena

A new user account was created. Verify it:

# id marlena

On a CentOS 8 Linux server, all members of the wheel group have sudo access. So all you have to do is append the user account to the wheel group using the usermod command:

# usermod -aG wheel marlena



The user account marlena now has sudo privileges. Verify it by running the id command or the grep command on the /etc/passwd and /etc/group files:

# id marlena

# grep '^marlena' /etc/passwd

# grep '^wheel' /etc/group
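The grep on /etc/group only shows supplementary members; an account whose primary GID is the wheel GID is also a member of wheel but does not appear in that line. The following is an added example, not part of the original page, that merges both sources; the function names, the opsadmin account and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every account that belongs to wheel.

# group_members GROUP_FILE PASSWD_FILE [GROUP]
# Prints, sorted and de-duplicated, every account that belongs to GROUP:
#   - supplementary members (4th field of the group file)
#   - accounts whose primary GID (4th field of passwd) is the group's GID,
#     which the member list in the group file does not show
group_members() {
    awk -F: -v grp="${3:-wheel}" '
        FILENAME == ARGV[1] && $1 == grp {      # group database
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
        FILENAME == ARGV[2] && gid != "" && $4 == gid { print $1 }  # passwd
    ' "$1" "$2" | sort -u
}

# Constructed sample databases (not taken from a real host).
write_samples() {
    cat > "$1" <<'EOF'
root:x:0:
wheel:x:10:marlena,wendy
marlena:x:1000:
wendy:x:1001:
EOF
    cat > "$2" <<'EOF'
root:x:0:0:root:/root:/bin/bash
marlena:x:1000:1000::/home/marlena:/bin/bash
wendy:x:1001:1001::/home/wendy:/bin/bash
opsadmin:x:1002:10::/home/opsadmin:/bin/bash
tom:x:1003:1003::/home/tom:/bin/bash
EOF
}

dir=$(mktemp -d)
write_samples "$dir/group" "$dir/passwd"
group_members "$dir/group" "$dir/passwd"    # marlena, opsadmin, wendy
rm -rf "$dir"
```

On a live server, pass /etc/group and /etc/passwd as the two arguments. Accounts served by a directory service do not appear in those files.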

How to test sudo user access

You can test sudo access as follows. Log in as the marlena user using either ssh or the terminal:

ssh marlena@centos-8-server

## OR ##

ssh marlena@10.83.200.54

## verify current user id ##

id

## Now, gain root shell ##

sudo -i

## Verify id again ##

id

## Run command as root ##

sudo systemctl status sshd.service

sudo ls -l /root/



After that log out:

exit

A note about supplementary groups of the new account

Furthermore, it is possible to add a new user and add it to the wheel group in a single command. For instance, add a new user named wendy and set the secondary group membership to wheel as follows:

# adduser -G wheel {userName}

# adduser -G wheel wendy

# passwd wendy

# id wendy

Sample outputs:

uid=1001(wendy) gid=1001(wendy) groups=1001(wendy),10(wheel)

How to grant or add existing user account to sudo on CentOS

Say you need to add an existing user account and grant her administrative rights. In this instance, I am going to give sudo access to an existing user named vivek by adding the user to the wheel group:

# usermod -aG wheel {username}

# usermod -aG wheel vivek

# id vivek

In other words, we used the usermod command to configure and grant sudo access for an existing user.

How to see sudo admin privileges logs

It is a good idea to delegate admin privileges using sudo, as it keeps track of each user account's activity in a log file. Above all, it is a good security practice. For example, type the following grep command/egrep command/tail command:

# tail -f /var/log/secure

# grep marlena /var/log/secure

# grep marlena /var/log/secure | grep -i command

Sample outputs:

Dec 3 17:42:05 centos-8 sudo[603]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:42:56 centos-8 sudo[691]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:43:10 centos-8 sudo[711]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec 3 17:44:22 centos-8 sudo[720]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:45:52 centos-8 sudo[750]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl enable nginx.service
Dec 3 17:49:57 centos-8 sudo[813]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:50:09 centos-8 sudo[840]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls /root/
Dec 3 17:50:13 centos-8 sudo[843]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls -l /root/
Dec 3 18:17:03 centos-8 sudo[884]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/date

Similarly, security policies may log successful and failed attempts to use sudo. In addition, if an I/O plugin is configured, the running command's input and output may be recorded in the log file as well. The sudo command is better than su because it keeps a detailed log of all admin tasks run by other users. Therefore, sudo is the right choice for granting admin rights on the CentOS server.
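The log format shown above can be summarised with a short script. This is an added example, not part of the original page: it separates accepted from rejected sudo attempts and counts bare root shells, since commands typed inside a shell started through sudo are not logged one by one unless I/O logging is configured. The function names are hypothetical; the first four sample lines come from the output above and the last one (user tom) is constructed.

```shell
#!/bin/sh
# Added example: summarise sudo entries from /var/log/secure.

# sudo_events LOG_FILE -> one "user<TAB>status<TAB>command" record per entry.
# status is "ok" when the entry goes straight to TTY=..., and "denied" when
# sudo put a reason first (for example "user NOT in sudoers").
sudo_events() {
    awk '
        / sudo\[[0-9]+\]: / && /COMMAND=/ {
            line = $0
            sub(/^.* sudo\[[0-9]+\]: */, "", line)   # strip the syslog header
            user = line; sub(/ +:.*$/, "", user)      # account that ran sudo
            rest = substr(line, length(user) + 1); sub(/^ *: */, "", rest)
            status = (rest ~ /^TTY=/) ? "ok" : "denied"
            cmd = line; sub(/^.*COMMAND=/, "", cmd)
            printf "%s\t%s\t%s\n", user, status, cmd
        }' "$1"
}

# root_shells LOG_FILE -> "user count" for accepted runs of a bare shell.
root_shells() {
    sudo_events "$1" | awk -F '\t' '
        $2 == "ok" && $3 ~ /^\/(usr\/)?bin\/(ba|z|k|da)?sh$/ { n[$1]++ }
        END { for (u in n) printf "%s %d\n", u, n[u] }' | sort
}

# denied_users LOG_FILE -> accounts with at least one rejected attempt.
denied_users() {
    sudo_events "$1" | awk -F '\t' '$2 == "denied" { print $1 }' | sort -u
}

# Sample log: four lines from the page output, the last line is constructed.
write_sample_log() {
    cat > "$1" <<'EOF'
Dec 3 17:42:05 centos-8 sudo[603]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:43:10 centos-8 sudo[711]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec 3 17:44:22 centos-8 sudo[720]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/bash
Dec 3 17:50:13 centos-8 sudo[843]: marlena : TTY=pts/0 ; PWD=/home/marlena ; USER=root ; COMMAND=/bin/ls -l /root/
Dec 3 18:20:41 centos-8 sudo[902]: tom : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/ls /root/
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
root_shells "$sample"     # marlena 2
denied_users "$sample"    # tom
rm -f "$sample"
```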

A note about deleting a user account in CentOS 8

The syntax is as follows:

# userdel -r {userName}

For instance, delete the user marlena, which also removes her admin rights granted via sudo:

# userdel -r marlena

Conclusion

You learned how to add a new or existing user account to sudo in CentOS 8 by appending it to the wheel group so that the user can run admin commands. The sudo command has many more options. Therefore, see the sudo help docs. See also the man pages by typing the following command:

man sudo

