How To Add User to Sudoers on CentOS 7

On this short article, we will learn how to add an regular user to be sudoers on CentOS 7 opearting system.
Introduction
Sometimes we need root level privileges to run some tasks in an operating system, in this case CentOS 7. For this purpose, the operating system has provided a facility known as sudo. The sudo
command stands for “Super User DO” and temporarily level up the privileges of a regular user for administrative tasks. In this article, we will discuss how to add a regular user to sudoers.
Prerequisite
- CentOS 7 system
- Root user or regular user who already has sudo privileges
Adding New User To sudo Group
CentOS 7 has a user group called the “wheel” group, where the members of this group are automatically granted sudo privileges. We will add a new user to this group to grant sudo
privileges to that user. For this purpose we will do the following tasks.
Verify the ‘wheel’ group is enabled
For the first time, we have to verify if the wheel group is enabled. For this purpose we will submit the following command line:
$ visudo
We will be entering to /etc/sudoers
file, then find and remove the ‘remarks sign’ on the left side.
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL
to be :
%wheel ALL=(ALL) ALL
Add New User to wheel Group
To add a new user to wheel group, we will submit the command line :
$ usermod –aG wheel UserName
Adding New User To Sudoers Configuration File
To ensure, a new user having sudo privilege, we have to add to sudoers configuration file.
- Submit
$ visudo
command line. - Add new user to sudoers configuration file
## Allow root to run any commands anywhere root ALL=(ALL) ALL ramansah ALL=(ALL) ALL
On this tutorial, we will add a new user called as ‘ramansah’ to the file.

Testing sudo Privilege
After all are set, then we will test a new user to do the root account can do.
[ramansah@localhost /]$ sudo ls -ltr /root total 8 -rw-------. 1 root root 1758 Jul 28 20:27 anaconda-ks.cfg -rw-r--r--. 1 root root 1786 Jul 28 20:40 initial-setup-ks.cfg
It works, running properly.
Common Errors & Troubleshooting
When modifying the sudoers file in CentOS 7, users often encounter errors that can lead to permission issues or even lock them out of administrative access. Below are some common mistakes and how to resolve them.
1. Not Using visudo to Edit the Sudoers File
The /etc/sudoers file should always be edited using visudo
instead of a regular text editor. visudo
performs syntax checks and prevents misconfigurations that could break sudo access.
Solution: Use this command to safely edit the sudoers file:
sudo visudo
2. Syntax Errors in the Sudoers File
A misplaced character or incorrect syntax can cause sudo to stop working. Common mistakes include:
- Forgetting to use
ALL=(ALL) ALL
after a username - Incorrect spacing or missing
NOPASSWD:
declarations
Solution: If you’ve already made changes that resulted in errors, you can regain access by booting into single-user mode and fixing the file with visudo
.
username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd
3. “User is Not in the Sudoers File” Error
This happens when a user is not added to the sudoers file or the wheel group.
Solution: To add a user to sudoers:
sudo usermod -aG wheel username
Then verify their permissions:
sudo -l -U username
Security Best Practices
Granting sudo access should be done with caution. A misconfigured sudoers file can create security vulnerabilities. Here are some best practices to follow.
1. Limit Sudo Access to Trusted Users
Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.
2. Restrict Specific Commands
Every sudo action is logged in /var/log/secure
, allowing administrators to track privilege escalations. Check sudo logs:
Instead of granting full root access, you can restrict a user’s sudo privileges to specific commands. Example: Allow a user to restart Apache but deny other sudo access:
username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd
3. Use Sudo Logs for Monitoring
Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.
sudo cat /var/log/secure | grep sudo
Conclusion
On this short tutorial, we have shown you how to add a new user to a sudoers group on CentOS 7 operating system.