sudo is a command-line utility that is designed to allow trusted users to another user (the default is the root user) Run command.
To grant a user sudo access, you have two options. The first is to add the user to the sudoers file. This file contains the definition of which users and groups are granted sudo permissions and permission levels of information.
We will explain the two options below.
Add the user to the wheel group
The easiest way to sudo permissions granted to the user on CentOS is to add users to the "wheel" group. Members of this group will be able to run all through the sudo command, use sudo will be prompted with a password to authenticate itself.
We assume that the user already exists. If you want to create a new user, check out this guide.
To add users to the group, run the following command as root or sudo other user. The "username" change its permissions you want to grant the user's name.
usermod -aG wheel username
For most use cases, using this method to grant sudo access sufficient.
To test sudo access, switch to the user:
su - username
Run the whoami command:
If the user has access to sudo, the command will print "root":
root
If you receive the error message "user is not in the sudoers file", it means that the user does not have sudo privileges.
Add the user to the sudoers file
Sudo user and group permissions are configured in / etc / sudoers file. Add the user to the file allows you to grant access to custom orders, and for the user to configure custom security policy.
You can configure user access privileges by modifying sudo sudoers file or create a new profile in /etc/sudoers.d directory. Files in this directory will be included in the sudoers file.
To edit the / etc / sudoers file, use the visudo command. When you save, the command file to check for syntax errors. If there are any errors, it will not save the file. If you open the file with a text editor, syntax errors may result in the loss sudo access.
Usually, visudo will use vim to open the / etc / sudoers. If you are not using the vim experience, and want to use nano to edit the file, enter the following command:
EDITOR=nano visudo
Suppose you want to run the command sudo case allows the user to enter a password is not required. Open the / etc / sudoers file:
visudo
Scroll down to the end of the file and add the following line:
username ALL=(ALL) NOPASSWD:ALL
Save the file and exit the editor. Do not forget to use the user name you want to grant access to change the above username.
Another common example is to allow the user only can sudo particular command. For example, to allow only du and use the ping command:
Edit / etc / sudoers file
username ALL=(ALL) NOPASSWD:/usr/bin/du,/usr/bin/ping
You can also achieve the same by creating a new file with the authorization rules in /etc/sudoers.d directory, rather than editing the sudoers file. Run the following command to add the same rules as above:
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
This approach makes sudo permissions management easier to maintain. File name is not important, the usual practice is to the same file name and user name.
in conclusion
In other based on CentOS or RedHat releases, grant users access to sudo is a simple task, you can simply add users to the "wheel" group can be.