×

How can i add or create a sudo user on CentOS Linux 8 using the command line? 


CentOS is a free and open source Enterprise Linux distribution derived from the Red Hat Enterprise Linux (RHEL). CentOS is very popular as it is used for hosting servers and clusters. With the sudo command you as a user can run programs with the security privileges of another user just as the root user. 

The file "/etc/sudoers" holds security policy for system users and group which is used by the sudo command.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to configure their CentOS Servers.


In this context, we shall look into how to add a new sudo user on CentOS Linux 8 systems.


How to add or create a sudo user on CentOS 8?

To add or create a sudo user on CentOS, follow the steps below;


i. Start by Opening the terminal application.

ii. Next, run the ssh command for CentOS server and log in as the root user using "sudo" or "su".

iii. Now, create a new CentOS user named john by running the command below;

useradd john

iv. Next, set the password by running the command as shown below;

passwd john

v. Then make the user john the sudo user by running the command below:

For CentOS Linux 8, execute;

usermod -aG wheel john

vi. Now verify it by running the command as shown below;

id john


How to Log into a CentOS server?

To log into a CentOS server, run the ssh command as shown below;

ssh root@centos8_server


Or you can also login as a user "linuxapt" as seen below;

ssh linuxapt@centos-8-server-ip

Next, log into the server as a root user as shown below;

su -

Alternatively, you can use the command below;

sudo -i


How to create a new sudo user on CentOS?

Start by creating a new CentOS user account via your ssh client. For instance, lets say we want to create an account named "jerry", the the command to run would be;

adduser jerry


Next, set the password for the user "jerry" by running the passwd command as shown below;

passwd jerry

To verify the newly created user account, run the command as shown below;

id jerry


For CentOS 8 Linux server, all members of the wheel group have sudo access. It is necessary to append user account to the wheel group by running the usermod command as shown below;

usermod -aG wheel jerry


This will enable sudo privileges for the user account "jerry". To verify it, you can use the "id" command or "grep" on  /etc/passwd and /etc/group files as shown below;

# id jerry
# grep '^jerry' /etc/passwd
# grep '^wheel' /etc/group


Testing the user Sudo access

To test sudo access for the user, log into your server via an ssh client as the user "jerry";

ssh jerry@centos-8-server

## OR ##

ssh jerry@24.63.310.32

## To verify current user id ##

id

## Now, to use as root shell ##

sudo -i

## Verify id again ##

id

## Run command as root ##

sudo systemctl status sshd.service
sudo ls -l /root/


After this, you can log out of the shell by running the exit command;

exit


Important thing to note about supplementary groups of the new account

Additionally, you can add a new user and add it to the wheel group with a single command. Let's say we want to add a new user called "kelly" and set set secondary group membership to wheel, then run the commands shown below;


# adduser -G wheel {userName}
# adduser -G wheel kelly
# passwd kelly
# id kelly


The outputs will look like this;

uid=1001(kelly) gid=1001(kelly) groups=1001(kelly),10(wheel)


How to grant a new user or add existing user account to sudo on CentOS?

To add an existing user account and grant it administrative rights, lets say the name of the user is "linuxapt" to be added to the wheel group, run the commands below to implement this action;


# usermod -aG wheel {username}
# usermod -aG wheel linuxapt
# id linuxapt


What happened here is that we used the usermod command to configure and grant sudo access for an existing user.


How to view sudo admin privileges logs?

With keep track of a user (jerry) in a log file which is granted admin privileges using sudo for security measures, run the following  grep command / tail command;

# tail -f /var/log/secure
# grep jerry /var/log/secure
# grep jerry /var/log/secure | grep -i command


You will see outputs such as;

Dec  3 17:42:05 centos-8 sudo[603]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/bash
Dec  3 17:42:56 centos-8 sudo[691]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/bash
Dec  3 17:43:10 centos-8 sudo[711]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/systemctl status sshd.service
Dec  3 17:44:22 centos-8 sudo[720]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/bash
Dec  3 17:45:52 centos-8 sudo[750]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/systemctl enable nginx.service
Dec  3 17:49:57 centos-8 sudo[813]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/bash
Dec  3 17:50:09 centos-8 sudo[840]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/ls /root/
Dec  3 17:50:13 centos-8 sudo[843]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/ls -l /root/
Dec  3 18:17:03 centos-8 sudo[884]: jerry : TTY=pts/0 ; PWD=/home/jerry ; USER=root ; COMMAND=/bin/date


In the same vain, security policies may log successful and failed attempts to use sudo. Additionally, if an I/O plugin configured, the running command's input and output may be recorded as well in the log file. The sudo command is better than su and keeps a detailed log for all admin tasks executed by other users. Therefore, sudo is the right choice for granting admin privileges on CentOS servers.


How to go about deleting a user account in CentOS 8?

To delete a user account in CentOS, run the command below;


# userdel -r {userName}


Lets say you want to delete user "jerry", all you need to do is to run the command as shown below;

# userdel -r jerry


Need to add a CentOS 8 user to sudoers file? We are available to help you today.


Conclusion