Chapter 8. Managing sudo access

System administrators can grant sudo access to allow non-root users to execute administrative commands. The sudo command provides users with administrative access without using the password of the root user.

When users need to perform an administrative command, they can precede that command with sudo. The command is then executed as if they were the root user.

Be aware of the following limitations:

  • Only users listed in the /etc/sudoers configuration file can use the sudo command.
  • The command is executed in the shell of the user, not in the root shell.

8.1. Granting sudo access to a user

A non-root user requires sudo access to perform administrative commands. The following section describes how to grant sudo access to a user.

Prerequisites

  • Root access.

Procedure

  1. Open the /etc/sudoers file.

    # visudo

    The /etc/sudoers file defines the policies applied by the sudo command.

  2. In the /etc/sudoers file find the lines that grant sudo access to users in the administrative wheel group.

    ## Allows people in group wheel to run all commands
    %wheel        ALL=(ALL)       ALL
  3. Make sure the line that starts with %wheel does not have # comment character before it.
  4. Save any changes, and exit the editor.
  5. Add users you want to grant sudo access to into the administrative wheel group .

     # usermod --append -G wheel username

    Replace username with the name of the user.

Example

  • To add the user sarah to the administrative wheel group, use:

     # usermod --append -G wheel sarah

Verification steps

  • To verify the user is added to the administrative wheel group, use the id utility.

    # id sarah

    The output returns:

    uid=5000(sarah) gid=5000(sarah) groups=5000(sarah),10(wheel)