How to Add Super Users in CentOS

  1. Add User to the wheel Group
  2. Add User to the Sudoers File

We can execute certain commands only as a root user using the sudo command. The root users are also known as sudo users. We can add sudo users in CentOS by adding the user to the wheel group or by adding the user to the files inside /etc/sudoers directory.

Add User to the wheel Group

Let us consider you have a user who is not a sudo user. To add the user to the wheel group, we run the following command as another superuser that already exists:

usermod -aG wheel username

username is the name of the user that needs to be added to the wheel group.

usermod -aG wheel zeppy

It adds the zeppy to the wheel group.

To confirm if the user has been added to the wheel group, we use the whoami command.

sudo whoami

This command prompts us for a password, and if the password is correct and the user is in the wheel group, root will be printed in the terminal.

Output:

root

If the user is not in the wheel group, we will get an error saying user is not in the sudoers file.

Add User to the Sudoers File

The users with sudo privileges are configured in the /etc/sudoers file. We can add sudo users by modifying the sudoers file or adding a new configuration file in the /etc/sudoers.d directory.

We use the visudo command to edit /etc/sudoers file, which uses vim editor. The visudo command checks for syntax errors in the file before saving.

To use nano editor for editing /etc/sudoers file, we use the following command:

EDITOR=nano visudo

If we wish to permit the users to run the sudo commands without being prompted for a password, we open the /etc/sudoers file using the command .

visudo

If this gives an error saying permission denied, try the following command.

sudo visudo

Now /etc/sudo file will be opened, and we need to go the end of the file and add the following line:

username ALL=(ALL) NOPASSWD:ALL

Here, username is the name of the user that we want to permit.

Now, we need to save the file before exiting from the editor.

We can also permit the user to perform only certain commands without a password.

zeppy ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

This enables zeppy to execute the commands /bin/mkdir and /bin/rmdir without password.

We can also enable the user’s permissions to run commands by creating configuration files in the /etc/sudoers.d directory.

We must add the same content in the files as we added in the /etc/sudo file.

zeppy ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir

This enables zeppy to execute the commands /bin/mkdir and /bin/rmdir without password.

The advantage of this method is that it makes things more managed as we can create a separate file with every user’s filename.

comments powered by Disqus