How to Give Sudo Privileges to a User in Linux CentOS / RHEL

by Jay

Introduction

This tutorial will teach you how to grant a local user in Linux full sudo privileges. We’ll also discover how to grant a user restricted sudo access, allowing them to use sudo only for a predetermined set of commands.

Granting a user full Sudo access

Any user with full sudo privileges has root access to the Linux command line. When we execute commands in the terminal that call for access to the filesystem’s root directories or files, this is necessary.

Explain the sudo user?

● Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.

/etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.

● It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
● So, one editor is specially available for opening this file, ie.,# visudo and all normal users cannot execute this command. Only root user can run this command.

● Once this file is opened nobody can open this file again on another terminal because “The file is busy” message is displayed on the terminal for security reasons.

How to give different sudo permissions to normal users?

Open the /etc/sudoers file by executing #visudo command and go to line no. 98 and type as

Username Machine Command
root ALL=(ALL) ALL
raju All= ALL

Example:

# visudo
raju	ALL=(ALL)	ALL

—-Save and exit this file.

Note:
When we trying to save this file if any syntax errors in this file, those errors are displayed with line no’s and What you do ? (will be displayed, here press ‘e’ to edit this file and modify those errors or mistakes and save save this file.

● Now a Normal user raju can run any command with sudo priviledge

● Let’s Verify the same by run below command to switch to user raju if logged in by other user.

# su - raju 

Now the normal user raju can also add the users to the system by adding sudo before the command.

# sudo useradd <useradd> 

Note: We can assign sudo permissions to ‘n’ no. of users by specifying names separated by commas ( , ) or line by line.

How to give only some command access permissions to normal user.

Instead of giving all permissions to normal user we can give only some commands by editing /etc/sudoers files and adding below lines.

Example :

# visudo
  
  student ALL=/usr/sbin/useradd, /usr/sbin/usermod
  raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod

How to give sudo permissions to one group or groups.

* We can also apply to one group or groups as follows.

* First create the users, assign one group to those users and also assign the passwords for
those users. Open /etc/sudoers file by executing the command # visudo and type as follows.

Syntex:

%<group name> ALL=ALL

Example:

%oracle ALL=ALL 

How to create command alias and give these command access to a user.

* We can also create one command alias and add some commands to that alias
and mention that alias to users as follows by editing /etc/sudoers files and adding below lines..

#visudo
  
  Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
  <username> <machines>=<command alias name>
  raju ALL=NETWORKING
  

How to create user alias and add the users in to that alias and give some command acess.

* We can also create one user alias and add the users to that alias and
assign some commands to that alias as follows.

Syntex:

User_Alias <user alias name>=<user1>, <user2>, <user3>, ....

Example:

# visudo
  
  User_Alias OURTEAM=raju, shyam, ram, gopal
  OURTEAM ALL=ALL 

How to set time interval to zero so that whenever the sudo user executes any command then it will ask password for every command.

# visudo
	
    Defaults timestamp_timeout=0 

Note: The above will apply to all users including root also. If we want to make it as only for normal users, then

Defaults : <user1>, <user2>, <user3> timestamp_timeout=0 
  

Note:By adding the above timestamp_timeout, the system will ask passwords for user1, user2, user3 to execute sudo commands each time

In which location the sudo user commands history is logged?

All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.

To see the contents of this file

# cat /var/log/secure

To see the updates of this file continuously and press ctrl + c to quit the tailf

# tailf /var/log/secure

Related Posts

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.