Sudo linux red hat

Linux command line basics: sudo

Image by Pixabay

More Linux resources

When I first started learning the Linux command line, I found myself memorizing commands for specific scenarios. Even if it wasn’t the best command for the job, I had my way of doing things, and that worked for me. As I started working in a more professional environment around people with years of experience and knowledge, I discovered that just because I could use a command did not mean that I understood the command. Sometimes, just knowing how isn’t good enough. It helps to understand what is going on behind the scenes and why you use specific arguments, flags, and objects. The sudo command is one that I didn’t use often before. This choice is unthinkable now, and honestly, it makes me laugh at myself for assuming I knew what I was doing. I’ll explain this later on; for now, let’s take a look at what the sudo command is, why it’s important, and how to configure it.

Do you know those crime TV scenes where a plainclothes detective walks up and the uniformed officer stops them from entering the area until they flash their badge? We’ve all seen this drama unfold over the years, from the yellow tape to the pouring rain and the cliché trench coats, but what happens next? The uniformed officer takes a look, realizes that this person belongs on the scene, and lets them pass. Sudo is your badge. It’s your «golden ticket,» your security clearance, and your permission to do as you please. Metaphor aside, sudo is your elevated privilege.

Sudo stands for «superuser do» and is the master key to your high-privilege admin tasks. Have you ever tried to edit a config file only to receive «Permission Denied?» (The /etc/hosts file comes to mind.) If so, that was because your user account did not have access to that file. You need root or sudoer access. Previously, back when I was doing things «my way,» I used to always use the su command (switch user) and would log in as root for these tasks. While this method works, it isn’t the best way to accomplish the needed task in most cases.

Think about this: You su to root to edit a file, but you forget to switch back to your user account afterward. At this point, a simple command line error could cost you dearly as an administrator. I saw a colleague blow away the root directory of a back-end storage server for the state of New York due to this simple oversight. Thankfully, the data and his career were recoverable!

So how do I use sudo ?

Simply preface the intended command with sudo . You will then be prompted for a password (you need to enter your user account password, not root’s). For example, if you want to edit an important configuration file, you might use vi /etc/sudoers :

Источник

How to enable sudo on Red Hat Enterprise Linux

You’ve probably seen tutorials that use sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.” For developers, sudo can be very useful for running steps that require root access in build scripts.

This article covers:

• How to configure sudo access on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to use su and keep entering the root password
• Configuring sudo to not ask for your password
• How to enable sudo during system installation
• Why sudo seems to work out of the box for some users and not others

TL;DR: Basic sudo

To enable sudo for your user ID on RHEL, add your user ID to the wheel group:

1. Become root by running su
2. Run usermod -aG wheel your_user_id
3. Log out and back in again

Now you will be able to use sudo when logged in under your normal user ID. You will be asked to enter the password for your user ID when you run a sudo command. For the next five minutes, sudo will remember that you’ve been authenticated, so you won’t be asked for your password again.

This works because the default /etc/sudoers file on RHEL contains the following line:

That line enables all users in group wheel to run any command with sudo , but users will be asked to prove their identity with their password. Note: there is no comment symbol ( # ) in front of that line.

After logging out and back in again, you can verify that you are in group wheel by running the id command:

Using sudo without a password

You can also configure sudo to not ask for a password to verify your identity. For many situations (such as for real servers) this would be considered too much of a security risk. However, for developers running a RHEL VM on their laptop, this is a reasonable thing to do since access to their laptops is probably already protected by a password.

To set this up, two different methods are shown. You can either edit /etc/sudoers or you can create a new file in /etc/sudoers.d/ . The first is more straightforward, but the latter is easier to script and automate.

Edit /etc/sudoers

As root, run visudo to edit /etc/sudoers and make the following changes. The advantage of using visudo is that it will validate the changes to the file.

The default /etc/sudoers file contains two lines for group wheel ; the NOPASSWD: line is commented out. Uncomment that line and comment out the wheel line without NOPASSWD . When you are done, it should look like this:

Alternate method: Create a new file in /etc/sudoers.d

You can create files in /etc/sudoers.d that will be part of the sudo configuration. This method is easier to script and automate. Also, since this doesn’t involve changing groups, you won’t have to log out and back in again. Change your_id to your user ID.

Enable sudo during system installation

During RHEL system installation, you can enable sudo for the user you create during the installation. There is an often overlooked (and misunderstood) Make this user administrator option on the User Creation screen where you enter the user ID and password. If you select the Make this user administrator box, the user will be made part of the wheel group during the installation.

I have to admit, I overlooked this option and didn’t understand what it did until I stumbled on this article in Fedora Magazine. While the article is about Fedora, this functionality is essentially the same for RHEL, since Fedora is the upstream community project that is used as the basis for RHEL.

For me, this finally cleared up the mystery of whys sudo seem to work out of the box for some RHEL users but not others. This isn’t really explained well in the RHEL installation guide.

Источник

Red Hat Customer Portal

Log in to Your Red Hat Account

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

Red Hat Account

Customer Portal

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Select Your Language

Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

21.3. Defining sudo Rules

21.3.1. About External Users

Figure 21.1. External Entities

21.3.2. About sudo Options Format

21.3.3. Defining sudo Rules in the Web UI

Note

21.3.4. Defining sudo Rules in the Command Line

Example 21.1. Creating Basic sudo Rules

Example 21.2. Allowing and Denying Commands

Example 21.3. Using sudoers Options

Note

Example 21.4. Running as Other Users

Note

Example 21.5. Referencing External Users

Table 21.1. sudo Commands

Command	Description
sudorule-add	Add a sudo rule entry.
sudorule-add-user	Add a user or a user group to the sudo rule. This user (or every member of the group) is then entitled to sudo any of the commands in the rule.
sudorule-add-host	Add a target host for the rule. These are the hosts where the users are granted sudo permissions.
sudorule-add-runasgroup	Set a group to run the sudo commands as. This must be a specific user; to specify all users, modify the rule using sudo-rule .
sudorule-add-runasuser	Set a user to run the sudo commands as. This must be a specific user; to specify all users, modify the rule using sudo-rule .
sudorule-add-allow-command	Add a command that users in the rule have sudo permission to run.
sudorule-add-deny-command	Add a command that users in the rule are explicitly denied sudo permission to run.
sudorule-add-option	Add a sudoers flag to the sudo rule.
sudorule-disable	Temporarily deactivate a sudo rule entry.
sudorule-enable	Activate a previously suspended sudo rule.
sudorule-del	Remove a sudo rule entirely.

Example 21.6. Adding and Modifying a New sudo Rule from the Command Line

Источник

How To Create a Sudo User on RHEL (Red Hat Enterprise Linux) Operating System

Kumar Satish

Apr 12, 2020

Debian

0 Comments

We talk about “sudo” privileges, we are talking about the “sudo” command.

The “sudo” command allows users to run any other commands, services, or program with the privileges of another user, and by default, it took the privileges of the root user.

In this tutorial, we will learn how to create a new user with sudo access on Red Hat Operating System. So, you can use this user to execute an administrative command in the system without login as root user in your RHEL machine.

Create a Sudo User

We will create a new user in RHEL machine with sudo privileges in simple four steps. If you want to give sudo privileges to an existing user, just need to add in “wheel” group and for that directly go to step 4.

Step 1: Log in to your server

In the first step, you need to login into your system or server with root user, using the SSH command:

Step 2: Create a new user account

Now, we will create a new user in this RHEL machine by using ‘adduser” command. Please replace the “user_name” with the user name that you want to create:

Step 3: Set password for Username

You should run the “passwd” command to secure user with password, as show below:

You will get the new screen to set new password for given username, like below:

Step 4: Add new user to sudo group

In the RHEL system if you get a member of the wheel group you will get the sudo access. To add a user into the “wheel” group, use the following usermod command:

Test the sudo access

To check you have sudo access or not, first go to your account login. To this either you login using your username and password or switch to your account using “su” command, as shown below:

Now, run “whoami” command with sudo:

If the user having sudo access, you will get the output of the “whoami” command is “root”:

How to use sudo

To use the sudo privileges with any command is very simple, prefix the command with “sudo” and space as shown below:

In a session, first-time use of “sudo”, you will get a screen to enter the user password:

Conclusion

You have learned how to create a new user in Red Hat System and assign the sudo access or privileges to a user in RHEL machine. Now, you can log in into your Red Hat system or server with your user access and use “sudo” command to run administrative commands.

Feel free to leave a comment if you have any doubt or questions.

Источник