Share This Article
Contents
In Linux, sudo is a program that allows you to momentarily elevate your user account to acquire root privileges and to execute administrative tasks. Sudo is short for su “do” and was previously abbreviated as “super user do.” This is different from “su” which is an acronym that stands for switch user or substitute user and allows you to switch to any user.
This guide will walk you through how to create a sudo user on RHEL 9.
Root vs. Sudo User
The root account is the most privileged and powerful user on the system, and can run any program, access any file, and modify system settings. On most systems, the root user can be accessed by running the command `su -` or `sudo su` on Debian-based distributions.
A sudo user is a standard regular user with the capabilities of running root-level tasks. They can temporarily execute some or all the operations of the root user by invoking `sudo` before any command.
In practice, it’s recommended to use a sudo user for running administrative tasks, because sudo offers more granular control over user permissions. In addition, the root user, being the most powerful user, can break the system by accidentally running an erroneous command.
In addition, running commands as sudo means that all commands will be logged as part of compliance and security.
Step 1: Create a Regular User
Start by creating a regular or standard login user that we will later add to the sudoers group. Log in to your server as root and create a user using the `adduser` command as shown.
In this example, we are creating a user called ‘jumpcloud’.
# adduser jumpcloud
With the regular user account created, assign a password to the user using the `passwd` command as shown.
# passwd jumpcloud
Be sure to provide a strong password and confirm it. Finally, you’ll see a confirmation message that the operation was successfully executed.
Step 2: Add the Regular User to the Sudoers Group
At this point, the regular user can only run standard commands. They cannot perform any tasks or operations that require elevated privileges such as updating the system, or installing or removing packages.
For the user to acquire root or elevated privileges, we need to add them to the sudoers group.
When a new user is created, they are assigned to a primary group that takes after the user account’s name. In this case, the user jumpcloud belongs to the primary group called jumpcloud. To confirm this, run the command as follows:
# groups jumpcloud
From the command output, you can see that the user belongs to only one group. In addition, as we pointed out before, the user is limited to the commands they can execute and cannot run administrative tasks. The default behavior for sudoers is to block everything but what you allow.
To prove this, we will switch to the user as shown.
# su – jumpcloud
Let’s try to check for package updates and see the outcome. To do so, we will prepend sudo to the command as shown.
$ sudo yum check-update
You’ll notice that you get a warning that the user is not in the sudoers group. This implies that the user does not have elevated privileges to run administrative or root commands.
To assign a user to the sudoers group, switch back to the root user.
$ exit
Next, run the following usermod command to add the user to sudoers group:
$ usermod -aG wheel jumpcloud
The wheel group is a special group in Red Hat-based systems that grants elevated or administrative privileges to a regular user so that they can run commands as the root user.
The regular user now belongs to two groups: jumpcloud, which is the primary group and wheel,which is the secondary group.
Additionally, you can confirm the user accounts that belong to the wheel group as follows:
# cat /etc/group | grep wheel
Step 3: Test the Sudo User
Let’s now verify if we can perform or run administrative tasks using the newly created user. To do so, we will switch to the user.
# su – jumpcloud
Once again, we will attempt to check for package updates.
$ sudo yum check-update
You can observe, from the output, that the command executes successfully without any warnings or errors. This is proof that we have successfully created a sudo user.
Step 4: How to remove a Sudo User
Removing a sudo user is as simple as creating one. The gpasswd command-line utility is a tool for managing entries in the /etc/shadow and /etc/groups files and can be used to remove a sudo user in one command.
To remove a sudo user, simply run the following command. This removes the regular user from the ‘wheel’ group.
# gpasswd -d jumpcloud wheel
Notice that the user now only belongs to its primary group since it has been removed from the ‘wheel’ group.
Conclusion
In this guide, you have learned how to create a sudo user in RHEL 9 and run elevated or root-level tasks. If you’d like to practice more skills in RHEL 9, check out the following tutorials:
