How to Create a Sudo User in RHEL 9

Written by David Worthington on January 26, 2024

Share This Article


Contents


Jump to Tutorial

In Linux, sudo is a program that allows you to momentarily elevate your user account to acquire root privileges and to execute administrative tasks. Sudo is short for su “do” and was previously abbreviated as “super user do.” This is different from “su” which is an acronym that stands for switch user or substitute user and allows you to switch to any user. 

This guide will walk you through how to create a sudo user on RHEL 9.

Root vs. Sudo User

The root account is the most privileged and powerful user on the system, and can run any program, access any file, and modify system settings. On most systems, the root user can be accessed by running the command `su -` or `sudo su` on Debian-based distributions.

A sudo user is a standard regular user with the capabilities of running root-level tasks. They can temporarily execute some or all the operations of the root user by invoking `sudo` before any command.

In practice, it’s recommended to use a sudo user for running administrative tasks, because sudo offers more granular control over user permissions. In addition, the root user, being the most powerful user, can break the system by accidentally running an erroneous command. 

In addition, running commands as sudo means that all commands will be logged as part of compliance and security.

Step 1: Create a Regular User

Start by creating a regular or standard login user that we will later add to the sudoers group. Log in to your server as root and create a user using the `adduser` command as shown. 

In this example, we are creating a user called ‘jumpcloud’.

# adduser jumpcloud

With the regular user account created, assign a password to the user using the `passwd` command as shown.

# passwd jumpcloud

Be sure to provide a strong password and confirm it. Finally, you’ll see a confirmation message that the operation was successfully executed.

tutorial code

Step 2: Add the Regular User to the Sudoers Group

At this point, the regular user can only run standard commands. They cannot perform any tasks or operations that require elevated privileges such as updating the system, or installing or removing packages.

For the user to acquire root or elevated privileges, we need to add them to the sudoers group.

When a new user is created, they are assigned to a primary group that takes after the user account’s name. In this case, the user jumpcloud belongs to the primary group called jumpcloud. To confirm this, run the command as follows:

# groups jumpcloud

tutorial code

From the command output, you can see that the user belongs to only one group. In addition, as we pointed out before, the user is limited to the commands they can execute and cannot run administrative tasks. The default behavior for sudoers is to block everything but what you allow.

To prove this, we will switch to the user as shown.

# su – jumpcloud

Let’s try to check for package updates and see the outcome. To do so, we will prepend sudo to the command as shown.

$ sudo yum check-update

You’ll notice that you get a warning that the user is not in the sudoers group. This implies that the user does not have elevated privileges to run administrative or root commands.

tutorial code

To assign a user to the sudoers group, switch back to the root user.

$ exit

Next, run the following usermod command to add the user to sudoers group:

$ usermod -aG wheel jumpcloud

The wheel group is a special group in Red Hat-based systems that grants elevated or administrative privileges to a regular user so that they can run commands as the root user.

The regular user now belongs to two groups: jumpcloud, which is the primary group and wheel,which is the secondary group.

tutorial code

Additionally, you can confirm the user accounts that belong to the wheel group as follows:

# cat /etc/group | grep wheel

tutorial code

Step 3: Test the Sudo User

Let’s now verify if we can perform or run administrative tasks using the newly created user. To do so, we will switch to the user.

# su – jumpcloud

Once again, we will attempt to check for package updates.

$ sudo yum check-update

You can observe, from the output, that the command executes successfully without any warnings or errors. This is proof that we have successfully created a sudo user.

tutorial code

Step 4: How to remove a Sudo User

Removing a sudo user is as simple as creating one. The gpasswd command-line utility is a tool for managing entries in the /etc/shadow and /etc/groups files and can be used to remove a sudo user in one command.

To remove a sudo user, simply run the following command. This removes the regular user from the ‘wheel’ group.

# gpasswd -d jumpcloud wheel

Notice that the user now only belongs to its primary group since it has been removed from the ‘wheel’ group.

tutorial code

Conclusion

In this guide, you have learned how to create a sudo user in RHEL 9 and run elevated or root-level tasks. If you’d like to practice more skills in RHEL 9, check out the following tutorials:

cross-platform management

Secure & Manage Linux Systems

Cross-OS device management for the modern organization

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.

Continue Learning with our Newsletter