Red Hat Enterprise Linux

You’ve probably seen tutorials that use sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.”  For developers, sudo can be very useful for running steps that require root access in build scripts.

This article covers:

  • How to configure sudo access on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to use su and keep entering the root password
  • Configuring sudo to not ask for your password
  • How to enable sudo during system installation
  • Why sudo seems to work out of the box for some users and not others

TL;DR: Basic sudo

To enable sudo for your user ID on RHEL, add your user ID to the wheel group:

  1. Become root by runningsu
  2. Run usermod -aG wheel your_user_id
  3. Log out and back in again

Now you will be able to use sudo when logged in under your normal user ID. You will be asked to enter the password for your user ID when you run a sudo command. For the next five minutes, sudo will remember that you’ve been authenticated, so you won’t be asked for your password again.

This works because the default /etc/sudoers file on RHEL contains the following line:

%wheel  ALL=(ALL)  ALL

That line enables all users in group wheel to run any command with sudo, but users will be asked to prove their identity with their password.  Note: there is no comment symbol (#) in front of that line.

After logging out and back in again, you can verify that you are in group wheel by running the id command:

$ id
uid=1000(rct) gid=10(wheel) groups=10(wheel),1000(rct)

Using sudo without a password

You can also configure sudo to not ask for a password to verify your identity. For many situations (such as for real servers) this would be considered too much of a security risk. However, for developers running a RHEL VM on their laptop, this is a reasonable thing to do since access to their laptops is probably already protected by a password.

To set this up, two different methods are shown. You can either edit /etc/sudoers or you can create a new file in /etc/sudoers.d/.  The first is more straightforward, but the latter is easier to script and automate.

Edit /etc/sudoers

As root, run visudo to edit /etc/sudoers and make the following changes. The advantage of using visudo is that it will validate the changes to the file.

The default /etc/sudoers file contains two lines for group wheel; the NOPASSWD: line is commented out.  Uncomment that line and comment out the wheel line without NOPASSWD. When you are done, it should look like this:

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

## Same thing without a password

Alternate method: Create a new file in /etc/sudoers.d

You can create files in /etc/sudoers.d that will be part of the sudo configuration. This method is easier to script and automate. Also, since this doesn’t involve changing groups, you won’t have to log out and back in again. Change your_id to your user ID.

$ su -
# echo -e “your_id\tALL=(ALL)\tNOPASSWD: ALL" > /etc/sudoers.d/020_sudo_for_me

# cat /etc/suders.d/020_my_sudo

Enable sudo during system installation

During RHEL system installation, you can enable sudo for the user you create during the installation. There is an often overlooked (and misunderstood) Make this user administrator option on the User Creation screen where you enter the user ID and password. If you select the Make this user administrator box, the user will be made part of the wheel group during the installation.

I have to admit, I overlooked this option and didn’t understand what it did until I stumbled on this article in Fedora Magazine. While the article is about Fedora, this functionality is essentially the same for RHEL, since Fedora is the upstream community project that is used as the basis for RHEL.

For me, this finally cleared up the mystery of whys sudo seem to work out of the box for some RHEL users but not others. This isn’t really explained well in the RHEL installation guide.

RHEL 7 Install Create User

For more information

Last updated: July 31, 2023