You’ve probably seen tutorials that use sudo for running administrative commands as root. However when you try it, you get told your user ID is “not in the sudoers file, this incident will be reported.” For developers, sudo can be very useful for running steps that require root access in build scripts.
This article covers:
- How to configure
sudoaccess on Red Hat Enterprise Linux (RHEL) and CentOS so you won’t need to usesuand keep entering the root password - Configuring
sudoto not ask for your password - How to enable
sudoduring system installation - Why
sudoseems to work out of the box for some users and not others
TL;DR: Basic sudo
To enable sudo for your user ID on RHEL, add your user ID to the wheel group:
- Become root by running
su - Run
usermod -aG wheel your_user_id - Log out and back in again
Now you will be able to use sudo when logged in under your normal user ID. You will be asked to enter the password for your user ID when you run a sudo command. For the next five minutes, sudo will remember that you’ve been authenticated, so you won’t be asked for your password again.
This works because the default /etc/sudoers file on RHEL contains the following line:
%wheel ALL=(ALL) ALL
That line enables all users in group wheel to run any command with sudo, but users will be asked to prove their identity with their password. Note: there is no comment symbol (#) in front of that line.
After logging out and back in again, you can verify that you are in group wheel by running the id command:
$ id uid=1000(rct) gid=10(wheel) groups=10(wheel),1000(rct)
Using sudo without a password
You can also configure sudo to not ask for a password to verify your identity. For many situations (such as for real servers) this would be considered too much of a security risk. However, for developers running a RHEL VM on their laptop, this is a reasonable thing to do since access to their laptops is probably already protected by a password.
To set this up, two different methods are shown. You can either edit /etc/sudoers or you can create a new file in /etc/sudoers.d/. The first is more straightforward, but the latter is easier to script and automate.
Edit /etc/sudoers
As root, run visudo to edit /etc/sudoers and make the following changes. The advantage of using visudo is that it will validate the changes to the file.
The default /etc/sudoers file contains two lines for group wheel; the NOPASSWD: line is commented out. Uncomment that line and comment out the wheel line without NOPASSWD. When you are done, it should look like this:
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password %wheel ALL=(ALL) NOPASSWD: ALL
Alternate method: Create a new file in /etc/sudoers.d
You can create files in /etc/sudoers.d that will be part of the sudo configuration. This method is easier to script and automate. Also, since this doesn’t involve changing groups, you won’t have to log out and back in again. Change your_id to your user ID.
$ su - # echo -e “your_id\tALL=(ALL)\tNOPASSWD: ALL" > /etc/sudoers.d/020_sudo_for_me # cat /etc/suders.d/020_my_sudo your_id ALL=(ALL) NOPASSWD: ALL
Enable sudo during system installation
During RHEL system installation, you can enable sudo for the user you create during the installation. There is an often overlooked (and misunderstood) Make this user administrator option on the User Creation screen where you enter the user ID and password. If you select the Make this user administrator box, the user will be made part of the wheel group during the installation.
I have to admit, I overlooked this option and didn’t understand what it did until I stumbled on this article in Fedora Magazine. While the article is about Fedora, this functionality is essentially the same for RHEL, since Fedora is the upstream community project that is used as the basis for RHEL.
For me, this finally cleared up the mystery of whys sudo seem to work out of the box for some RHEL users but not others. This isn’t really explained well in the RHEL installation guide.
For more information
- See the "Gaining Privileges" chapter in the Red Hat Enterprise Linux 7 System Administrator's Guide.
- See "How to allow a normal user to run commands as root user using sudo." This article is on the Red Hat Customer Portal. Join the Red Hat Developer Program to get a Red Hat ID, which will let you view the knowledgebase articles on the Red Hat Customer Portal.
- See the "Configure your Fedora system to use sudo" article in Fedora Magazine.