"sudo" user can run an administrative task or command which a normal user is not allowed to. This guide explains how to add, delete and grant
sudo privileges to users in CentOS and other RHEL-based systems. I have used the following steps to create sudo user in CentOS 8 minimal edition. However it should work on other RPM-based systems as well.
What is sudo?
In Linux and Unix in general, the
sudo program allows a normal user to temporarily get superuser's or
root user's capabilities. Using
sudo command, a normal user can perform the administrative tasks, without even having access to the
root user's password. Instead of giving away
root password to anyone, just assign the
sudo permissions to the users to elevate their privileges. The word "sudo" originally came from "superuser do", because it primarily used to perform superuser's tasks. Now, It also stands for "substitute user do"
Benefits of sudo users
sudo user offers many advantages as listed below:
- The system admin doesn't need to share the
rootuser password to all.
- A normal user can perform administrative tasks even if he/she doesn't know the
- The sudo permissions can be granted to and revoked from the users at any time.
- The sudo session will automatically expire after a specific period of user inactivity. It is quite useful when an user forgot to logout his session. By default, the sudo session will expire after 15 minutes of inactivity.
- The system admins can monitor the activities of all sudo users. All sudo users' activities are logged in
/var/log/securefile. If there are any issues, you can look into the log file and try to figure what went wrong. You would also find who is abusing the sudo privileges and you can simply revoke his permission.
Add, Delete And Grant Sudo Privileges To Users In CentOS
Log in to your CentOS system as
root user or as any user that has sudo permission.
First, let us add a new user.
1. Add users in CentOS
Let me create a new user named "senthil". To do so, I ran the following command as
root user from Terminal:
# adduser senthil
Set a password to the new user "senthil":
# passwd senthil
Now, we have created a normal user. He is not authorized yet to perform any administrative tasks. Let us check if the user "senthil" can use
sudo command or not by running the following command:
# sudo -l -U senthil
User senthil is not allowed to run sudo on centos8
Yes, he is not yet allowed to run
sudo on my CentOS 8 system. Let us give him
sudo rights now.
2. Grant sudo privileges to users in CentOS
To add a normal user to sudoers group, you need to add him/her to the
wheel group. For those wondering, the
wheel is a special group in some Unix-like operating systems. All the members of
wheel group are allowed to perform administrative tasks. Wheel group is similar to
sudo group in Debian-based systems.
We can add users to sudoers in two ways. The first method is using
2.1. Add users to sudoers using
usermod command in CentOS
Now let us grant sudo privileges to the newly created user "senthil" by adding him to the
wheel group using
usermod command like below:
# usermod -aG wheel senthil
-aG refers append to a supplementary group. In our case, it is
wheel group. That's it, we just granted sudo rights to the user "senthil".
Let us verify if the user is in the sudoers list with command:
# sudo -l -U senthil
Matching Defaults entries for senthil on centos8: !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin:/bin:/usr/sbin:/usr/bin User senthil may run the following commands on centos8: (ALL) ALL
As you can see in the last line of the above output, the user "senthil" can now perform all commands.
2.2. Add users to sudoers by editing sudoers configuration file in CentOS
The another way to add users to sudoers list is by directly adding him/her to the sudoers configuration file.
Edit sudoers configuration file using command:
This will open
/etc/sudoers file in your Vi editor or whatever you have in your
$PATH. Scroll down until you find following entry:
root ALL=(ALL) ALL
Right after the above entry, add the following line:
senthil ALL=(ALL) ALL
Here, the line
ALL=(ALL) ALL refers the user "senthil" can perform any commands on any host. Replace "senthil" with your own user name. Save and close the file. Done! The user "senthil" has been added to sudoers list.
2.3. Verify sudo users in CentOS
Log out from the current session and log back in as the newly created sudo user. Alternatively, you can directly switch to the other user, without having to log out from the current session, using the following command:
# sudo -i -u senthil
Now, verify if the user can able to perform any administrative task with
$ sudo dnf update
3. Delete sudo privileges from an user in CentOS
We can remove sudo privileges from an user without having to entirely delete the user account.
To revoke sudo permissions from a user, simply run the following command as
# gpasswd -d senthil wheel
Removing user senthil from group wheel
The above command will delete the user called
"senthil" from the
"wheel" group. Please note that the user is not entirely deleted from the system. We removed the sudo privileges only.
Check if the user can able to perform sudo operations:
# sudo -l -U senthil User senthil is not allowed to run sudo on centos8.
senthil is not anymore in the sudoers group and he can't perform any administrative tasks.
To permanently remove the user from the system, run:
# userdel -r senthil
The above command will delete the user "senthil" along with his
home directory and mail spool.
For more details, refer the respective command's man page:
$ man sudo
$ man adduser
$ man usermod
$ man gpasswd
$ man userdel
You know now how to add, delete and grant sudo privileges to users in CentOS operating systems. As you can see, it is very easy to add new users to sudoers lists, grant sudo privileges to existing user and remove the sudo permissions from a user. Hope this helps.
- How To Add, Delete And Grant Sudo Privileges To Users In Alpine Linux
- How To Add, Delete And Grant Sudo Privileges To Users In Arch Linux
- How To Add, Delete And Grant Sudo Privileges To Users In Fedora
- How To Add, Delete And Grant Sudo Privileges To Users In Ubuntu
- How To Change Sudo Password Timeout In Linux
- How To Change Default Sudo Log File In Linux
- How To Restore Sudo Privileges To A User
- How To Find All Sudo Users In Your Linux System
- How To Run Particular Commands Without Sudo Password In Linux