On this short article, we will learn how to add an regular user to be sudoers on CentOS 7 opearting system.

Introduction

Sometimes we need root level privileges to run some tasks in an operating system, in this case CentOS 7. For this purpose, the operating system has provided a facility known as sudo. The sudo command stands for “Super User DO” and temporarily level up the privileges of a regular user for administrative tasks. In this article, we will discuss how to add a regular user to sudoers.

Prerequisite

• CentOS 7 system
• Root user or regular user who already has sudo privileges

Adding New User To sudo Group

CentOS 7 has a user group called the “wheel” group, where the members of this group are automatically granted sudo privileges. We will add a new user to this group to grant sudo privileges to that user. For this purpose we will do the following tasks.

Verify the ‘wheel’ group is enabled

For the first time, we have to verify if the wheel group is enabled. For this purpose we will submit the following command line:

$ visudo

We will be entering to /etc/sudoers file, then find and remove the ‘remarks sign’ on the left side.

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

to be :

%wheel ALL=(ALL) ALL

Add New User to wheel Group

To add a new user to wheel group, we will submit the command line :

$ usermod –aG wheel UserName

Adding New User To Sudoers Configuration File

To ensure, a new user having sudo privilege, we have to add to sudoers configuration file.

1. Submit $ visudo command line.
2. Add new user to sudoers configuration file

## Allow root to run any commands anywhere

root ALL=(ALL) ALL
ramansah ALL=(ALL) ALL

On this tutorial, we will add a new user called as ‘ramansah’ to the file.

Testing sudo Privilege

After all are set, then we will test a new user to do the root account can do.

[ramansah@localhost /]$ sudo ls -ltr /root
total 8
-rw-------. 1 root root 1758 Jul 28 20:27 anaconda-ks.cfg
-rw-r--r--. 1 root root 1786 Jul 28 20:40 initial-setup-ks.cfg

It works, running properly.

Common Errors & Troubleshooting

When modifying the sudoers file in CentOS 7, users often encounter errors that can lead to permission issues or even lock them out of administrative access. Below are some common mistakes and how to resolve them.

1. Not Using visudo to Edit the Sudoers File

The /etc/sudoers file should always be edited using visudo instead of a regular text editor. visudo performs syntax checks and prevents misconfigurations that could break sudo access.

Solution: Use this command to safely edit the sudoers file:

sudo visudo

2. Syntax Errors in the Sudoers File

A misplaced character or incorrect syntax can cause sudo to stop working. Common mistakes include:

• Forgetting to use ALL=(ALL) ALL after a username
• Incorrect spacing or missing NOPASSWD: declarations

Solution: If you’ve already made changes that resulted in errors, you can regain access by booting into single-user mode and fixing the file with visudo.

username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd

3. “User is Not in the Sudoers File” Error

This happens when a user is not added to the sudoers file or the wheel group.

Solution: To add a user to sudoers:

sudo usermod -aG wheel username

Then verify their permissions:

sudo -l -U username  

Security Best Practices

Granting sudo access should be done with caution. A misconfigured sudoers file can create security vulnerabilities. Here are some best practices to follow.

1. Limit Sudo Access to Trusted Users

Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.

2. Restrict Specific Commands

Every sudo action is logged in /var/log/secure, allowing administrators to track privilege escalations. Check sudo logs:

Instead of granting full root access, you can restrict a user’s sudo privileges to specific commands. Example: Allow a user to restart Apache but deny other sudo access:

username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd

3. Use Sudo Logs for Monitoring

Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.

sudo cat /var/log/secure | grep sudo

Conclusion

On this short tutorial, we have shown you how to add a new user to a sudoers group on CentOS  7 operating system.

✅ FAQ Section

Frequently Asked Questions

1. What is the sudoers file in CentOS 7?

The sudoers file is a configuration file that controls which users and groups can execute commands with elevated (root) privileges. It helps administrators delegate responsibilities without sharing the root password.

2. How do I safely edit the sudoers file?

Always use the visudo command instead of editing the file directly. It performs syntax validation and prevents configuration errors that could lock you out of administrative access.

sudo visudo

3. Should I grant sudo access to a user or a group?

Using groups is considered best practice. It simplifies permission management, improves auditing, and reduces the risk of configuration mistakes when onboarding or removing users.

4. What does NOPASSWD mean in sudoers?

NOPASSWD allows a user to run sudo commands without entering a password. While convenient, it should only be used in controlled environments because it reduces security.

5. Why is my user not recognized in the sudoers file?

Common causes include:

• The user was not added to the correct group
• The sudoers file contains syntax errors
• Changes were not saved properly

Verify group membership with:

groups username

6. Can I limit sudo access to specific commands?

Yes. Instead of granting full privileges, you can allow only certain commands.

Example:

username ALL=(ALL) /usr/bin/systemctl restart httpd

This significantly improves server security.

7. How do I check who has sudo access?

Run:

getent group wheel

On CentOS, the wheel group typically controls sudo privileges.

8. Is it safe to disable the root login and rely on sudo?

Yes — many security experts recommend disabling direct root login and using sudo instead. This creates an audit trail and reduces the risk of unauthorized access.