How to Add User to Sudoers in CentOS
类型:【转载】
原文作者:【NA】
日期:【Nov 4, 2019】
原文地址:https://linuxize.com/post/how-to-add-user-to-sudoers-in-centos/
sudo
is a command-line utility designed to allow trusted users to run commands as another user, by default the root user.
You have two options to grant sudo access to a user. The first one is to add the user to the sudoers file. This file contains information that defines which users and groups are granted with sudo privileges, as well as the level of the privileges.
The second option is to add the user to the sudo group defined in the sudoers
file. By default, on RedHat based distributions like CentOS and Fedora, members of the “wheel” group are granted with sudo privileges.
Adding User to the wheel Group
The easiest way to grant sudo privileges to a user on CentOS is to add the user to the “wheel” group. Members of this group are able to run all commands via sudo
and prompted to authenticate themselves with their password when using sudo
.
We’re assuming that the user already exists. If you want to create a new user, check this guide.
To add the user to the group, run the command below as root or another sudo user. Change “username” with the name of the user that you want to grant permissions to.
usermod -aG wheel username
Granting sudo access using this method is sufficient for most use cases.
To test the sudo access, run the whoami
command:
sudo whoami
You will be prompted to enter the password. If the user have sudo access, the command will print “root”:
root
If you get an error saying “user is not in the sudoers file”, it means that the user doesn’t have sudo privileges.
Adding User to the sudoers File
The users’ and groups’ sudo privileges are configured in the /etc/sudoers
file. Adding the user to this file allows you to grant customized access to the commands and configure custom security policies for the user.
You can configure the user sudo access by modifying the sudoers file or by creating a new configuration file in the /etc/sudoers.d
directory. The files inside this directory are included in the sudoers file.
To edit the /etc/sudoers
file, use the visudo
command. This command checks the file for syntax errors when you save it. If there are any errors, the file is not saved. If you open the file with a text editor, a syntax error may result in losing the sudo access.
Typically, visudo
uses vim to open the /etc/sudoers
. If you don’t have experience with vim and you want to edit the file with nano type:
EDITOR=nano visudo
Let’s say you want to allow the user to run sudo commands without being asked for a password. Open the /etc/sudoers
file:
visudo
Scroll down to the end of the file and add the following line:
Another common example is to allow the user to run only specific commands via sudo. For example, to allow only the du and ping commands you would use:
username ALL=(ALL) NOPASSWD:/usr/bin/du,/usr/bin/ping
Instead of editing the sudoers file, you can achieve the same by creating a new file with the authorization rules in the /etc/sudoers.d
directory. Add the same rule as you would add to the sudoers file:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
This approach makes the management of the sudo privileges more maintainable. The name of the file not important. It is a common practice the name of the file to be the same as the username.
Conclusion
Granting sudo access to a user is a simple task, all you have to do is to add the user to the “wheel” group.