This article describes the process of granting sudo access to a new or existing user on CentOS.
Create a new user by using the adduser command followed by the new user’s <username> as shown in the following example:
[root@funserver ~]# adduser bobby
Use the passwd command followed by the new user’s <username> to set a password for the user bobby. Enter the new password twice: once at the prompt and once at the verification prompt.
[root@funserver ~]# passwd bobby
Changing password for user bobby
New password:
Retype new password:
passwd: all authentication tokens updated successfully
We now have a user. However, this user has only the least privilege, so we have to elevate the account; otherwise we wouldn’t be able to do much with the user bobby.
Grant root permissions to a new or existing user
Edit the sudoers file by using the following command:
[root@funserver ~]# visudo
You then see a version similar to the following text:
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the ‘sys’ group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
Press the i key on your keyboard to enter insert mode. Next press the j key to move the cursor down and the k key to move it up to the following section:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Add the newly created user by inserting <username> ALL=(ALL) ALL on a new line as shown in the following example:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
newuser ALL=(ALL) ALL
Press the i key to exit insert mode, followed by typing :wq to save and exit.
Verify permission change
Now that we have a user with some power, we need to ensure that we can elevate to root with our newly created user.
Use the su command followed by - <username> to access the new user account.
[root@funserver ~]# su - bobby
[bobby@funserver ~]$
Use the sudo -i command to test if the new user account can elevate permissions. Enter the new user’s password. Verify these steps by using the following example:
[bobby@funserver ~]$ sudo -i
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for bobby:
[root@funserver ~]#
Use the whoami command to verify you are currently the root user.
[root@funserver ~]# whoami
root
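To review which accounts end up with the same unrestricted access as the line added above, the following added example (not part of the original article) scans sudoers text and reports every rule that grants ALL commands, marking the ones that skip the password prompt. The function names, the sample input and the "deploy" account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant every command ("ALL").
# Reads sudoers text on stdin; prints "<principal> FULL" or
# "<principal> FULL-NOPASSWD" for each matching rule.
# Simplifications (assumptions): no line continuations, aliases are not
# expanded, #includedir is not followed, "#uid" principals are not handled.
audit_sudoers() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }            # blanks, comments, includes
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next } # settings and alias lines
        {
            principal = $1
            spec = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec)    # drop the principal field
            eq = index(spec, "=")
            if (eq == 0) next
            cmds = substr(spec, eq + 1)              # text after MACHINE=
            nopass = (cmds ~ /NOPASSWD:/) ? "-NOPASSWD" : ""
            gsub(/\([^)]*\)/, "", cmds)              # strip (runas) specs
            gsub(/[A-Z]+:/, "", cmds)                # strip tags such as NOPASSWD:
            n = split(cmds, part, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", part[i])
                if (part[i] == "ALL") { print principal " FULL" nopass; break }
            }
        }
    '
}

# Constructed sample: rules taken from the sudoers listing in this article,
# the bobby entry, and a hypothetical "deploy" account using NOPASSWD.
sample_sudoers() {
    cat <<'EOF'
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
bobby ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
%users localhost=/sbin/shutdown -h now
deploy ALL=(ALL) NOPASSWD: ALL
#includedir /etc/sudoers.d
EOF
}

sample_sudoers | audit_sudoers
```

On a real system, run audit_sudoers as root with /etc/sudoers and each file under /etc/sudoers.d as input. The command sudo -l -U bobby lists what sudo itself will allow for a single user.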
Please be mindful: make sure there is a legitimate reason to elevate an account before elevating any account. Cheers ~




