How to add user to sudo
How to add user to sudo
How To Add User to Sudoers & Add User to Sudo Group on CentOS 7
Home » SysAdmin » How To Add User to Sudoers & Add User to Sudo Group on CentOS 7
The sudo command stands for “Super User DO” and temporarily elevates the privileges of a regular user for administrative tasks. The sudo command in CentOS provides a workaround by allowing a user to elevate their privileges for a single task temporarily.
This guide will walk you through the steps to add a user to sudoers in CentOS.
Note: Linux Sudo Command tutorials also available for Debian and Ubuntu.
Add User to Sudoers on CentOS
Step 1: Login as Administrator
If you’re working on a local machine, log in to the system with administrator credentials.
If you’re connecting to a remote machine (over a network), open a terminal window and enter the command:
The server_ip_address is the network IP address of the server you’re logging into. Enter your credentials when prompted.
Step 2: Create a New Sudo User
To add a new sudo user, open the terminal window and enter the command:
Use the actual username for your new user in place of UserName.
Next, create a password for the new user by entering the following in your terminal window:
The system should display a prompt in which you can set and confirm a password for your new user account. If successful, the system should respond with “all authentication tokens updated successfully.”
Note: A strong secure password has more characters and a few special characters (such as numbers, symbols, or capitals). To master managing passwords with passwd commands, refer to our article How To Use The Passwd Command.
How to Add Users to Sudo Group
By default, CentOS 7 has a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.
Step 1: Verify the Wheel Group is Enabled
Your CentOS 7 installation may or may not have the wheel group enabled.
Open the configuration file by entering the command:
Scroll through the configuration file until you see the following entry:
If the second line begins with the # sign, it has been disabled and marked as a comment. Just delete the # sign at the beginning of the second line so it looks like the following:
Then save the file and exit the editor.
Note: If this line didn’t start with a # sign, you don’t need to make any changes. The wheel group is already enabled, and you can close the editor.
Step 2: Add User to Group
To add a user to the wheel group, use the command:
As usual, replace UserName with the name of the user receiving sudo privileges.
Step: 3 Switch to the Sudo User
Switch to the new (or newly-elevated) user account with the su (substitute user) command:
Enter the password if prompted. The terminal prompt should change to include the UserName.
Enter the following command to list the contents of the /root directory:
The terminal should request the password for UserName. Enter it, and you should see a display of the list of directories. Since listing the contents of /root requires sudo privileges, this works as a quick way to prove that UserName can use the sudo command.
Alternative: Add User to Sudoers Configuration File
If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.
Step 1: Open the Sudoers File in an Editor
In the terminal, run the following command:
This will open the /etc/sudoers file in a text editor.
Step 2: Add the New User to file
Scroll down to find the following section:
Right after this entry, add the following text:
Replace UserName with the username you created in Step 2. This section should look like the following:
Save the file and exit.
Step 3: Test Sudo Privileges for the User Account
Switch user accounts with the su (substitute user) command:
Enter the password for the account, if prompted. The terminal prompt should change to include UserName.
List the contents of the /root directory:
Enter the password for this user when prompted. The terminal should display a list of all the directories in the /root directory.
This guide showed you how to add a user to sudoers in CentOS or modify the privileges of an existing sudo user.
The Linux sudo command is critical for running advanced and administrative tasks on a Linux system. While this could be done using a root user (or administrator account) using the su command, system administrators advise against operating permanently in a root account. Not only can it be a security risk, but it can also allow changes to a Linux system that can break functionality.
How To Create a New Sudo-enabled User on Ubuntu 20.04 [Quickstart]
Introduction
When managing a server, you’ll sometimes want to allow users to execute commands as “root,” the administrator-level user. The sudo command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users.
In this tutorial, you’ll learn how to create a new user with sudo access on Ubuntu 20.04 without having to modify your server’s /etc/sudoers file.
Note: If you want to configure sudo for an existing user, skip to step 3.
Step 1 — Logging Into Your Server
SSH in to your server as the root user:
Step 2 — Adding a New User to the System
Use the adduser command to add a new user to your system:
Be sure to replace sammy with the username that you want to create. You will be prompted to create and verify a password for the user:
Next, you’ll be asked to fill in some information about the new user. It is fine to accept the defaults and leave this information blank:
Step 3 — Adding the User to the sudo Group
Use the usermod command to add the user to the sudo group:
Again, be sure to replace sammy with the username you just added. By default on Ubuntu, all members of the sudo group have full sudo privileges.
Step 4 — Testing sudo Access
To test that the new sudo permissions are working, first use the su command to switch to the new user account:
As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges:
For example, you can list the contents of the /root directory, which is normally only accessible to the root user:
The first time you use sudo in a session, you will be prompted for the password of that user’s account. Enter the password to proceed:
Note: This is not asking for the root password! Enter the password of the sudo-enabled user you just created.
If your user is in the proper group and you entered the password correctly, the command that you issued with sudo will run with root privileges.
Conclusion
In this quickstart tutorial, we created a new user account and added it to the sudo group to enable sudo access.
For your new user to be granted external access, please follow our section on Enabling External Access for Your Regular User.
If you need more detailed information on setting up an Ubuntu 20.04 server, please read our Initial Server Setup with Ubuntu 20.04 tutorial.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.
How to add user to sudoers with best practices & examples
Table of Contents
How do we add user to sudoers file? How to give user sudo access? How to give root privileges to a user in linux? how to give superuser permission in linux? What are sudo alias? What is the syntax used by sudoers file?
These are some of the common questions user have when they start working with sudoers file. In this tutorial I will give you a detailed overview on sudo privileges and share the proper way to add user to sudoers file.
Overview on sudoers privilege
It is very important to update sudoers correctly or else you may break the complete sudoers functionality. There is a particular syntax which must be followed while adding a user or new entry to the sudoers file.
We will discuss about those syntax later in this article. But first let me highlight you the dos and dont’s which you must follow when working with sudoers file.
Recommended guidelines to edit sudoers file
I hope we are clear on the dos and dont’s before you work on sudoers file. Let us now understand the basic syntax of sudoers file.
Syntax of sudoers file
First column
Second Column
Third Column
Fourth Column
So now that we know about the basic syntax of sudoers file, let us go ahead and add some users to sudoers file with privilege to execute few commands as root user
How to add user to sudoers
In this example we want to provide sudo privilege to user » deepak » from my Linux server to be able to execute chown and chmod as root user
Example to understand first field of sudoers file
I will create a new file under /etc/sudoers.d/ by the name » custom «, you can use any name as per your requirement
Add the below content in this file using visudo
Save and exit the file.
Add user to sudoers
Next try to login as deepak user and execute chown as sudo
So the command prompts for password and the execution is successful. You can ignore the » missing operand » error, since I have not used proper command syntax, the command is throwing error. But we know the command was executed successfully with sudo privilege
Now this would explain the first column
Example to understand second field of sudoers file
Let’s understand the usage of second column.
Now we have 100 servers and using some remote tool we are deploying sudoers list to all these 100 servers. Now our of these 100 servers we want user deepak to be allowed to use chown only on the host with hostname » server » so we will use
Now the same sudoers script will be deployed to 100 servers but user deepak will be allowed use chown with sudo only on server. If he tries to use chown on other servers, he will get
While the same would work on » server » host
But again this is of not too much use when you are working on single server deployment. You can choose to use wildcard ALL or provide the hostname of your host, either should be fine.
So this explains the second column.
Example to understand third field of sudoers file
Let us understand how third column is used in sudoers file.
We have a script which should only be used by user » amit » but due to some requirement we also want user » deepak » to be able to execute this script.
Sample script to verify sudo permission
sudo to the rescue
We will add below content to our /etc/sudoers.d/custom
Then he tries to run the same script as sudo user, but sadly the output says he is not allowed to execute /tmp/amit_script.sh when he knows he was given privilege for this.
Bingo, it worked.
So I hope the third column usage was clear.
The fourth column should be easy to understand. You must provide the list of commands, or scripts with full path separated by a command and whitespace character.
How to use alias in sudoers
There is a concept of alias in sudoers which can keep your sudoers file organized and clean. It is similar to a variable which we use in scripts and codes. Here in the below syntax, all the ALIAS_NAME must be provided in UPPERCASE letters or you will get syntax error.
You can create a user alias using
To create a command alias
To create host alias
For example, I have a scenario where I want to assign permission to execute same set of commands to a bunch of users. Now these users are from different system groups. So in such case I have below possible options
So the third option sounds easy and neat. Hence I will create a new User_Alias and add the usernames to this alias
Next assign the permission of commands to this alias
So now all the users part of MYADMINS alias group will have sudo privilege to execute chown as root user.
Disallow a set of commands in sudoers
So open the sudoers file
Let us verify this permission:
As expected, user deepak is allowed to use chmod
But execution of chown is denied as defined in our configuration
Remove password prompt for sudo user
So now user deepak can execute all the commands with sudo privilege without the need to enter password every time
These can be used with scripting solutions to automate the command execution.
Conclusion
In this tutorial I gave you a complete overview on best practices to use and modify sudoers file. The steps to add user to sudoers with proper syntax and different practical examples, about different alias, and executing sudo commands without password prompt. In production environment, sudoers file are handled very cautiously. The default sudoers file contain a lot of default entries and it may break if you do not modify the this file properly.
Lastly I hope the steps from the article to learn all about sudo privilege and sudoers file on Linux was helpful. So, let me know your suggestions and feedback using the comment section.
You can read more about sudo privilege:
Related Posts
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!
How To Add User To Sudoers & Add User To Sudo Group on Ubuntu
Home » SysAdmin » How To Add User To Sudoers & Add User To Sudo Group on Ubuntu
The sudo command is the preferred means to handle elevated permissions. In supported versions of Ubuntu, using the sudo command will grant elevated permissions for 15 minutes.
Standard user accounts are restricted from performing sensitive tasks, such as viewing the contents of the /root directory. This prevents the accidental use of commands with massive consequences. It also makes it more difficult for intruders to compromise a system. However, sometimes you need to run an administrative command. Sudo – or Super User Do – grants you privileges to run sensitive tasks.
This simple tutorial will show you how to add a new user on Ubuntu and provide sudo access.
Note: Linux Sudo Command tutorials also available for CentOS and Debian.
Steps to Add Sudo User on Ubuntu
Step 1: Create New User
1. Log into the system with a root user or an account with sudo privileges.
2. Open a terminal window and add a new user with the command:
The adduser command creates a new user, plus a group and home directory for that user.
You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) Get around it by entering:
3. You can replace newuser with any username you wish. The system will add the new user; then prompt you to enter a password. Enter a great secure password, then retype it to confirm.
4. The system will prompt you to enter additional information about the user. This includes a name, phone numbers, etc. – these fields are optional, and can be skipped by pressing Enter.
Step 2: Add User to Sudo Group
Most Linux systems, including Ubuntu, have a user group for sudo users. To grant the new user elevated privileges, add them to the sudo group.
In a terminal, enter the command:
Replace newuser with the username that you entered in Step 1.
Again, if you get an error, run the command with sudo as follows:
Note: Usermod command is a useful tool for user management. To learn more about its options, refer to our guide How To Use The Usermod Command In Linux.
Step 3: Verify User Belongs to Sudo Group
Enter the following to view the groups a user belongs to:
The system will respond by listing the username and all groups it belongs to, for example: newuser : newuser sudo
Step 4: Verify Sudo Access
Switch users by entering:
Replace newuser with the username you entered in Step 1. Enter your password when prompted. You can run commands as normal, just by typing them.
However, some commands or locations require elevated privileges. If you try to list the contents of the /root directory, you’ll get an access denied error: ls /root
The command can be executed with:
The system will prompt for your password. Use the same password you set in Step 1. You should now see the contents of the /root directory.
Now you know how to add and create a user with sudo privileges on Ubuntu.
Before sudo, users would log in to their systems with full permissions over the entire system with the su command. This was risky as users could be exploited by tricking them into entering malicious commands. These vulnerabilities were solved by limiting account privileges. However, administrators still had to log out of their account and into an admin account to perform routine tasks.
The sudo command in Ubuntu strikes a balance – protecting user accounts from malicious or inadvertent damage while allowing a privileged user to run administrative tasks. To learn more about the difference between these commands, check out Sudo vs. Su.
How To Create a New Sudo-enabled User on Ubuntu 18.04 [Quickstart]
Introduction
The sudo command provides a mechanism for granting administrator privileges — ordinarily only available to the root user — to normal users. This guide will show you how to create a new user with sudo access on Ubuntu 18.04, without having to modify your server’s /etc/sudoers file. If you want to configure sudo for an existing user, skip to step 3.
Step 1 — Logging Into Your Server
SSH in to your server as the root user:
Step 2 — Adding a New User to the System
Use the adduser command to add a new user to your system:
Be sure to replace sammy with the user name that you want to create. You will be prompted to create and verify a password for the user:
Next you’ll be asked to fill in some information about the new user. It is fine to accept the defaults and leave all of this information blank:
Step 3 — Adding the User to the sudo Group
Use the usermod command to add the user to the sudo group:
Again, be sure to replace sammy with the username you just added. By default, on Ubuntu, all members of the sudo group have full sudo privileges.
Step 4 — Testing sudo Access
To test that the new sudo permissions are working, first use the su command to switch to the new user account:
As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges:
For example, you can list the contents of the /root directory, which is normally only accessible to the root user:
The first time you use sudo in a session, you will be prompted for the password of that users account. Enter the password to proceed:
Note: This is not asking for the root password! Enter the password of the sudo-enabled user, not a root password.
If your user is in the proper group and you entered the password correctly, the command that you issued with sudo will run with root privileges.
Conclusion
In this quickstart tutorial we created a new user account and added it to the sudo group to enable sudo access. For more detailed information on setting up an Ubuntu 18.04 server, please read our Initial Server Setup with Ubuntu 18.04 tutorial.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.
Источники информации:
- http://www.digitalocean.com/community/tutorials/how-to-create-a-new-sudo-enabled-user-on-ubuntu-20-04-quickstart
- http://www.golinuxcloud.com/add-user-to-sudoers/
- http://phoenixnap.com/kb/how-to-create-sudo-user-on-ubuntu
- http://www.digitalocean.com/community/tutorials/how-to-create-a-new-sudo-enabled-user-on-ubuntu-18-04-quickstart