sudo command in CentOS provides a workaround by allowing a user to elevate their privileges for a single task temporarily.
You have two options to grant sudo access to a user. The first one is to add the user to the sudoers file. This file contains information that defines which users and groups are granted with sudo privileges, as well as the level of the privileges.
The second option is to add the user to the sudo group defined in the
sudoers file. By default, on RedHat based distributions like CentOS and Fedora, members of the “wheel” group are granted with sudo privileges.
How to Add Users to Sudo Group
By default, CentOS 7 has a user group called the “wheel” group. Members of the wheel group are automatically granted sudo privileges. Adding a user to this group is a quick and easy way to grant sudo privileges to a user.
Verify the Wheel Group is Enabled
Your CentOS 7 installation may or may not have the wheel group enabled.
Open the configuration file by entering the command:
Scroll through the configuration file until you see the following entry:
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL
If the second line begins with the # sign, it has been disabled and marked as a comment. Just delete the # sign at the beginning of the second line so it looks like the following:
%wheel ALL=(ALL) ALL
Then save the file and exit the editor.
Add User in Group
To add a user to the wheel group, use the command:
usermod –aG wheel UserName
As usual, replace UserName with the name of the user receiving sudo privileges.
Switch to Sudo User
Switch to the new (or newly-elevated) user account with the
su (substitute user) command:
su - UserName
Enter the password if prompted. The terminal prompt should change to include the UserName.
Enter the following command to list the contents of the /root directory:
sudo ls -la /root
The terminal should request the password for UserName. Enter it, and you should see a display of the list of directories. Since listing the contents of /root requires sudo privileges, this works as a quick way to prove that UserName can use the
Add User to Sudoers on CentOS
If you’re working on a local machine, log in to the system with administrator credentials.
If you’re connecting to a remote machine (over a network), open a terminal window and enter the command:
The server_ip_address is the network IP address of the server you’re logging into. Enter your credentials when prompted.
Create a New Sudo User
To add a new sudo user, open the terminal window and enter the command:
Use the actual username for your new user in place of UserName.
Next, create a password for the new user by entering the following in your terminal window:
The system should display a prompt in which you can set and confirm a password for your new user account. If successful, the system should respond with “all authentication tokens updated successfully.”
Alternative: Add User to Sudoers Configuration File
If there’s a problem with the wheel group, or administrative policy prevents you from creating or modifying groups, you can add a user directly to the sudoers configuration file to grant sudo privileges.
Open the Sudoers File in an Editor
In the terminal, run the following command:
This will open the /etc/sudoers file in a text editor.
Add the New User to file
Scroll down to find the following section:
## Allow root to run any commands anywhere root ALL=(ALL) ALL
Right after this entry, add the following text:
UserName ALL=(ALL) ALL
Replace UserName with the username you created in Step 2. This section should look like the following:
## Allow root to run any commands anywhere root ALL=(ALL) ALL UserName ALL=(ALL) ALL
Save the file and exit.
Test Sudo Privileges for the User Account
Switch user accounts with the
su (substitute user) command:
su — UserName
Enter the password for the account, if prompted. The terminal prompt should change to include UserName.
List the contents of the /root directory:
sudo ls —la /root
Enter the password for this user when prompted. The terminal should display a list of all the directories in the /root directory.