🐧 Adding, Removing and Granting Sudo Rights to Users on CentOS

The “sudo” user can run an administrative task or command, which is not allowed for a regular user.

This tutorial explains how to add, remove and grant sudo privileges to CentOS users and other RHEL based systems.

The steps below have been tested on a minimal CentOS 8 version, however it should work on other RPM based systems as well.

What is sudo?

On Linux and Unix in general, sudo allows a normal user to temporarily gain superuser or root user capabilities.

Using the sudo command, a regular user can perform administrative tasks without even having access to the root password.

Instead of giving someone the root password, just give users sudo privileges to elevate their privileges.

The word “sudo” originally comes from “superuser do” because it is primarily used to perform superuser tasks.

It now also means “substitute user do”.

Benefits of using sudo

There are many benefits to using sudo, which are listed below:

  • The system administrator does not need to share the root password with everyone.
  • A regular user can perform administrative tasks even if he / she does not know the root password.
  • Sudo rights can be granted and revoked to users at any time.
  • The sudo session will automatically expire after a specified period of user inactivity. This is very useful when the user has forgotten to log out of the session. By default, a sudo session will expire after 15 minutes of inactivity.
  • System administrators can monitor the activities of all sudo users. All sudo user actions are logged in the / var / log / secure file. If there are any problems, you can look at the log file and try to figure out what went wrong. You will also find out who is abusing sudo privileges and you can simply revoke those privileges.

Adding, Removing, and Granting Sudo Rights to Users on CentOS

Log into your CentOS system as root or any user with sudo privileges.

First, let’s add sudo privileges to the new user.

1. Add sudo users to CentOS

Let me create a new user named “senthil”.

To do this, I’ll run the following command as root from the terminal:

# adduser senthil

Set a password for the new senthil user:

# passwd senthil

He is not yet authorized to perform any administrative tasks. Let’s check if the senthil user can use the sudo command:

# sudo -l -U senthil

Output example:

User senthil is not allowed to run sudo on centos8

That’s right, he is not yet allowed to run sudo on my CentOS 8 system. Let’s give him sudo rights now.

2. Grant sudo privileges to users on CentOS.

To add a regular user to the sudoers group, you need to add him to the wheel group.

For those of you curious, wheel is a special group on some Unix-like operating systems.

All members of the wheel group are allowed to perform administrative tasks.

The Wheel group is similar to the sudo group on Debian based systems.

We can add users to sudoers in two ways.

The first way is to use the chmod command.

2.1. Adding users to sudoers using usermod command on CentOS

Now let’s grant sudo privileges to the newly created user “senthil” by adding him to the wheel group using the usermod command as shown below:

# usermod -aG wheel senthil

Here -aG refers to the optional group.

In our case, this is the wheel group.

That’s it, we have just granted sudo permissions to senthil.

Let’s check if the user is in the sudoers list using the command:

# sudo -l -U senthil

Conclusion:

Matching Defaults entries for senthil on centos8:
    !visiblepw, always_set_home, match_group_by_gid,
    always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY
    HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR
    USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
    LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
    LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
    LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin:/bin:/usr/sbin:/usr/bin

User senthil may run the following commands on centos8:
    (ALL) ALL

As you can see in the last line of the above output, user “senthil” can now execute all commands.

2.2. Add users to sudoers by editing the sudoers config file on CentOS

Another way to add users to the sudoers list is to directly add him / her to the sudoers config file.

Edit the sudoers config file with the command:

# visudo

The system will open the / etc / sudoers file in your Vi editor or whatever you have in your $ PATH.

Scroll down until you find the following entry:

root    ALL=(ALL)       ALL

Add the following line immediately after the above entry:

senthil ALL=(ALL)       ALL

Here the line ALL = (ALL) ALL indicates that the user “senthil” can execute any command on any host. Replace “senthil” with your username. Save and close the file. That’s all. The user “senthil” has been added to the sudoers list.

2.3. Checking sudo users on CentOS

Log out of the current session and log in again as the newly created sudo user.

Alternatively, you can switch to another user directly without leaving your current session using the following command:

# sudo -i -u senthil

Now check if the user can perform any administrative task with sudo privileges:

$ sudo dnf update

3. Remove the sudo privileges from the CentOS user.

We can revoke sudo rights from a user without completely deleting their account.

To revoke sudo permissions from a user, simply run the following command as root:

# gpasswd -d senthil wheel

Conclusion:

Removing user senthil from group wheel

The above command will remove the user named “senthil” from the “wheel” group.

Please note that the user is not completely removed from the system.

We only removed the sudo privileges.

Check if the user can do sudo operations:

# sudo -l -U senthil
User senthil is not allowed to run sudo on centos8.

Well, senthil is no longer a member of the sudoers group and cannot perform any administrative tasks.

To permanently remove a user from the system, run:

$ userdel -r senthil

The above command will delete the user “senthil” along with his home directory and mail buffer.

For more information, see the man page for the corresponding command:

$ man sudo
$ man adduser
$ man gpasswd
$ man userdel

Conclusion

Now you know how to add, remove and grant sudo rights to users on CentOS operating systems. As you can see, it is very easy to add new users to the sudoers lists, grant sudo privileges to an existing user, and remove sudo privileges from that user.

Sidebar