How To Add User to Sudoers on CentOS 7

How To Add User to Sudoers on CentOS 7

On this short article, we will learn how to add an regular user to be sudoers on CentOS 7 opearting system.

Introduction

Sometimes we need root level privileges to run some tasks in an operating system, in this case CentOS 7. For this purpose, the operating system has provided a facility known as sudo. The sudo command stands for “Super User DO” and temporarily level up the privileges of a regular user for administrative tasks. In this article, we will discuss how to add a regular user to sudoers.

Prerequisite

  • CentOS 7 system
  • Root user or regular user who already has sudo privileges

Adding New User To sudo Group

CentOS 7 has a user group called the “wheel” group, where the members of this group are automatically granted sudo privileges. We will add a new user to this group to grant sudo privileges to that user. For this purpose we will do the following tasks.

Verify the ‘wheel’ group is enabled

For the first time, we have to verify if the wheel group is enabled. For this purpose we will submit the following command line:

$ visudo

We will be entering to /etc/sudoers file, then find and remove the ‘remarks sign’ on the left side.

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

to be :

%wheel ALL=(ALL) ALL

Add New User to wheel Group

To add a new user to wheel group, we will submit the command line :

$ usermod –aG wheel UserName

Adding New User To Sudoers Configuration File

To ensure, a new user having sudo privilege, we have to add to sudoers configuration file.

  1. Submit $ visudo command line.
  2. Add new user to sudoers configuration file
## Allow root to run any commands anywhere

root ALL=(ALL) ALL
ramansah ALL=(ALL) ALL

On this tutorial, we will add a new user called as ‘ramansah’ to the file.

visudo
visudo

Testing sudo Privilege

After all are set, then we will test a new user to do the root account can do.

[ramansah@localhost /]$ sudo ls -ltr /root
total 8
-rw-------. 1 root root 1758 Jul 28 20:27 anaconda-ks.cfg
-rw-r--r--. 1 root root 1786 Jul 28 20:40 initial-setup-ks.cfg

It works, running properly.

Common Errors & Troubleshooting

When modifying the sudoers file in CentOS 7, users often encounter errors that can lead to permission issues or even lock them out of administrative access. Below are some common mistakes and how to resolve them.

1. Not Using visudo to Edit the Sudoers File

The /etc/sudoers file should always be edited using visudo instead of a regular text editor. visudo performs syntax checks and prevents misconfigurations that could break sudo access.

Solution: Use this command to safely edit the sudoers file:

sudo visudo
2. Syntax Errors in the Sudoers File

A misplaced character or incorrect syntax can cause sudo to stop working. Common mistakes include:

  • Forgetting to use ALL=(ALL) ALL after a username
  • Incorrect spacing or missing NOPASSWD: declarations

Solution: If you’ve already made changes that resulted in errors, you can regain access by booting into single-user mode and fixing the file with visudo.

username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd
3. “User is Not in the Sudoers File” Error

This happens when a user is not added to the sudoers file or the wheel group.

Solution: To add a user to sudoers:

sudo usermod -aG wheel username

Then verify their permissions:

sudo -l -U username  

Security Best Practices

Granting sudo access should be done with caution. A misconfigured sudoers file can create security vulnerabilities. Here are some best practices to follow.

1. Limit Sudo Access to Trusted Users

Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.

2. Restrict Specific Commands

Every sudo action is logged in /var/log/secure, allowing administrators to track privilege escalations. Check sudo logs:

Instead of granting full root access, you can restrict a user’s sudo privileges to specific commands. Example: Allow a user to restart Apache but deny other sudo access:

username ALL=(ALL) NOPASSWD: /bin/systemctl restart httpd
3. Use Sudo Logs for Monitoring

Instead of adding all users to the sudo group, only assign administrative privileges to those who truly need them.

sudo cat /var/log/secure | grep sudo

Conclusion

On this short tutorial, we have shown you how to add a new user to a sudoers group on CentOS  7 operating system.

(Visited 77 times, 1 visits today)

You may also like