If you haven’t set up your new server yet, read this guide.
The sudo command provides a mechanism for granting administrator privileges, ordinarily only available to the root user, to normal users. This guide will show you the easiest way to create a new user with sudo access on CentOS, without having to modify your server’s sudoers file. If you want to configure sudo for an existing user, simply skip to step 3.
It is often advisable to completely disable root login through SSH after you have set up an SSH user account that has sudo privileges. Skip to the end to see how to do this.
Steps to Create a New Sudo User
1. Log in to your server as the root user.
2. Use the adduser command to add a new user to your system.
Be sure to replace username with the user that you want to create.
Use the passwd command to update the new user’s password.
Set and confirm the new user’s password at the prompt. A strong password is highly recommended!
Set password prompts:
Changing password for user username.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
3. Use the usermod command to add the user to the wheel group.
usermod -aG wheel username
By default, on CentOS, members of the wheel group have sudo privileges.
4. Test sudo access on the new user account.
Use the su command to switch to the new user account.
su - username
As the new user, verify that you can use sudo by prepending “sudo” to the command that you want to run with superuser privileges.
For example, you can list the contents of the /root directory, which is normally only accessible to the root user.
sudo ls -la /root
The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.
Output:
[sudo] password for username:
If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.
Disabling Root Login
It is often advisable to completely disable root login through SSH after you have set up an SSH user account that has sudo privileges.
To do this, open the SSH daemon configuration file with root or sudo on your remote server.
sudo nano /etc/ssh/sshd_config
Inside, search for a directive called PermitRootLogin. If it is commented, uncomment it. Change the value to “no”:
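Save and close the file. To implement your changes, restart the SSH daemon. The service name depends on the distribution: it is sshd on CentOS, and ssh on Debian and Ubuntu.
On Debian or Ubuntu:
sudo service ssh restart
On CentOS:
sudo service sshd restart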
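The following check is an added example, not part of the original guide: a shell function that reports which global PermitRootLogin value sshd would take from a config file. sshd keeps the first value it reads for a keyword, so a "no" added below an earlier active line has no effect. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value from one sshd config
# file. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
# Assumptions of this sketch: Include files are not followed, and settings
# inside Match blocks are ignored (parsing stops at the first Match line).
effective_permit_root_login() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            if (line == "" || line ~ /^#/) next  # blank line or comment
            sub(/[ \t]*=[ \t]*/, " ", line)      # Key=value form -> Key value
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit             # global section ends here
            if (key == "permitrootlogin" && n >= 2 && f[2] != "") {
                val = f[2]
                gsub(/"/, "", val)               # optional double quotes
                print val
                found = 1
                exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds (exit status 0) only when the effective global value is "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: the commented line was left alone and "no" was appended
# below an existing active "yes", so the edit does not take effect.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
echo "effective PermitRootLogin: $(effective_permit_root_login "$sample")"  # yes
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the edited file for syntax errors before you restart the daemon, and sudo sshd -T prints the configuration sshd actually resolves, including permitrootlogin. Keep your current SSH session open until a new login as the sudo user has succeeded.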
Original content by Mitchell Anicas and Justin Ellingwood, edited by the author of this post and shared according to the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.