cloud engineer
Here’s an alternate way to give Linux users sudo access by adding them to the wheel group. Most Linux systems come with the wheel group already predefined. By adding users to the wheel group, they now have the ability to sudo and run root commands. The wheel group is in the sudoers file for Redhat, Centos, Debian and Ubuntu.
usermod -aG wheel username |
usermod -aG wheel username
If you’re the only user on your system, you don’t need to be prompted every time you run the sudo command.
Add yourself to the sudoers file.
# create a new file sudo visudo -f /etc/sudoers.d/users |
# create a new file sudo visudo -f /etc/sudoers.d/users
Add this line.
# add your username username ALL=(ALL) NOPASSWD:ALL |
# add your username username ALL=(ALL) NOPASSWD:ALL
Exit and try again.
# exit out and login again exit # try to sudo again sudo -i # there's no password prompt for sudo this time |
# exit out and login again exit # try to sudo again sudo -i # there's no password prompt for sudo this time
What’s in the /etc/sudoers.d/ directory? It’s a group of files with the following format as displayed in the code below. In the example, the file allows a Linux group or an AD group to assume the role of root, via the sudo command. As long as the group uses the correct format, and is located inside the /etc/sudoers.d/ directory, that group will have access to root.
%groupname ALL=(ALL) NOPASSWD: ALL |
%groupname ALL=(ALL) NOPASSWD: ALL
The /etc/sudoers file gives users the ability to run commands that are typically reserved for administrators. The commands require a password or no password, depending on how you set them up in the sudoers file. The sudoers file can’t be edited using any text editor. You have to use visudo.
$ visudo |
$ visudo
Add groups to access sudo.
# Allow users in techgroup to run all commands %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup without a password %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup to shutdown the system %techgroup localhost=/sbin/shutdown -h now #includedir /etc/sudoers.d |
# Allow users in techgroup to run all commands %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup without a password %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup to shutdown the system %techgroup localhost=/sbin/shutdown -h now #includedir /etc/sudoers.d
Typically you have to add your groups in the sudoers file. Notice the last line. Sudoers will include config files found under the /etc/sudoers.d directory. In certain circumstances, there are others pieces of software such as compliance software CFEngine that writes over changes in the sudoers file. If this is the case, then you have to add your groups in a file inside the /etc/sudoers.d directory.