You’ve probably seen tutorials that use
sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.” For developers,
sudo can be very useful for running steps that require root access in build scripts.
This article covers:
- How to configure
sudoaccess on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to use
suand keep entering the root password
sudoto not ask for your password
- How to enable
sudoduring system installation
sudoseems to work out of the box for some users and not others
sudo for your user ID on RHEL, add your user ID to the
- Become root by running
usermod -aG wheel your_user_id
- Log out and back in again
Now you will be able to use
sudo when logged in under your normal user ID. You will be asked to enter the password for your user ID when you run a
sudo command. For the next five minutes,
sudo will remember that you’ve been authenticated, so you won’t be asked for your password again.
This works because the default
/etc/sudoers file on RHEL contains the following line:
%wheel ALL=(ALL) ALL
That line enables all users in group
wheel to run any command with
sudo, but users will be asked to prove their identity with their password. Note: there is no comment symbol (
#) in front of that line.
After logging out and back in again, you can verify that you are in group
wheel by running the
$ id uid=1000(rct) gid=10(wheel) groups=10(wheel),1000(rct)
sudo without a password
You can also configure
sudo to not ask for a password to verify your identity. For many situations (such as for real servers) this would be considered too much of a security risk. However, for developers running a RHEL VM on their laptop, this is a reasonable thing to do since access to their laptops is probably already protected by a password.
To set this up, two different methods are shown. You can either edit
/etc/sudoers or you can create a new file in
/etc/sudoers.d/. The first is more straightforward, but the latter is easier to script and automate.
As root, run
visudo to edit
/etc/sudoers and make the following changes. The advantage of using
visudo is that it will validate the changes to the file.
/etc/sudoers file contains two lines for group
NOPASSWD: line is commented out. Uncomment that line and comment out the
wheel line without
NOPASSWD. When you are done, it should look like this:
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password %wheel ALL=(ALL) NOPASSWD: ALL
Alternate method: Create a new file in
You can create files in
/etc/sudoers.d that will be part of the
sudo configuration. This method is easier to script and automate. Also, since this doesn’t involve changing groups, you won’t have to log out and back in again. Change your_id to your user ID.
$ su - # echo -e “your_id\tALL=(ALL)\tNOPASSWD: ALL" > /etc/sudoers.d/020_sudo_for_me # cat /etc/suders.d/020_my_sudo your_id ALL=(ALL) NOPASSWD: ALL
sudo during system installation
During RHEL system installation, you can enable
sudo for the user you create during the installation. There is an often overlooked (and misunderstood) Make this user administrator option on the User Creation screen where you enter the user ID and password. If you select the Make this user administrator box, the user will be made part of the
wheel group during the installation.
I have to admit, I overlooked this option and didn’t understand what it did until I stumbled on this article in Fedora Magazine. While the article is about Fedora, this functionality is essentially the same for RHEL, since Fedora is the upstream community project that is used as the basis for RHEL.
For me, this finally cleared up the mystery of whys
sudo seem to work out of the box for some RHEL users but not others. This isn’t really explained well in the RHEL installation guide.
For more information
- See the "Gaining Privileges" chapter in the Red Hat Enterprise Linux 7 System Administrator's Guide.
- See "How to allow a normal user to run commands as root user using sudo." This article is on the Red Hat Customer Portal. Join the Red Hat Developer Program to get a Red Hat ID, which will let you view the knowledgebase articles on the Red Hat Customer Portal.
- See the "Configure your Fedora system to use sudo" article in Fedora Magazine.