How To Create a Sudo User on CentOS 7

Try it in our public cloud & Get $50 Credit
CLAIM NOW

If you’re manually provisioning a server, you should never connect directly as root. Rather, you should create separate users with sudo capabilities, always accessing the server as the non-root user and running root commands with sudo. This setup has several key advantages. First, users can be limited on what commands they run, or what actions are taken when root. You can also audit actions, as well as easily revoke root access without rotating keys or changing a root password to which everyone has access.

Getting Started

To complete this guide, you will need the following:
• 1 Node (Cloud Server or Dedicated Server) with a clean CentOS 7 installed.

When finished, you’ll have a regular user who can elevate privileges to root.

Tutorial

We’ll begin by creating a normal user. In this case, the user is named “globotech.”

adduser globotech

Set the user’s password so it can connect and authenticate.

passwd globotech

By default, all members of the “wheel” group get sudo privileges. This enables group members to run commands as the root user. Let’s add our user to this group.

usermod -aG wheel globotech

The content of /root is normally not visible to regular users. To test out our setup, let’s connect as globotech.

su -l globotech

Next, use the sudo command to gain root privileges. Sudo accepts another command that is run as root. In this case, we run the command to list the /root directory, but do so as the root user. You’ll be prompted for a password, which should be the globotech password you set up previously.

sudo ls /root

You can now log in as globotech and run any command as root. Just remember to prepend “sudo” to any command you wish to run with administrative privileges.

Conclusion

You now have a secure system which lets individual users gain administrative privileges. While this example lets users run specific commands, it is also possible to limit access to certain command types. You might, for instance, let some users run all commands, others only manipulate files, and still others install and remove packages. With sudo, you can create arbitrarily rich administrative access control lists for any use case you can imagine. If this guide was helpful to you, kindly share it with others who may also be interested.