Adding user to sudo list on Centos
Please let me know what I am doing wrong. Thanks
Code:
[Michael@vps2 ~]$ su - |
Wrong thread, sorry.
|
I think you need to edit sudoers file and allow members of wheel group to run sudo.
Type this command as root Code:
visudo |
You need to edit /etc/sudoers and do it using the visudo command, which checks that your edit is correct before saving it. If you don't like vi, choose an editor you do like this:
su export EDITOR=nano visudo The file is fairly clear, with examples, but you could also checkout the man page for sudoers. The wheel group is rather different. When used (not common these days, except in BSD) you have to belong to wheel to use su. |
Is group "wheel" enabled? See link. Note: the page uses "$" and "#" to indicate either normal user or root user, but that's not part of the commands. From it:
Quote:
|
you didnt use 'visudo' to add wheel group to sudoers file.
groups start with % so adding this sudoers file would help you: # Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL for more control or options you may want to use , see 'man sudoers' or you could google for examples. |
Posts 3, 4, 5, and 6 have all cited the same issue surrounding the group "wheel" (with post 4 indicating it's a mostly passé method, but still plausible) . How many others will cite this? Time will tell.
|
Quote:
|
Thank you all.
No, I didn't use use visudo first. Before I un-comment the wheels group, should I? The only reason I thought I should was some initial searchs on how to allow sudo. The server is managed by me, and used by me plus a couple of people. Is there a better strategy? Thanks |
I don't really know. This is the first I've heard of the wheel group. Generally if I've created a new user that I wanted to have sudo powers, I've added them to the sudo group. My /etc/sudoers file looks like this:
Code:
# User privilege specification Here's some history on the wheel group (link). Seems Richard Stallman didn't like it (felt it lacked freedom) so it fell out of favour in Linux distros. Apparently to safeguard against the sharing of the root password, the extra condition of having to belong to the wheel group was added. Of course, given that root is often disabled now, and given that some users may or may not be part of the group sudo, I'm not sure what the difference is between group "sudo" and group "wheel". Anyway, I don't really know, but I figure since you've got it set up, you may as well use it. |
wheel group is enabled in sudoers by default on centos7. If you are a group member of wheel you should be allowed to use sudo. You may need to log out and back on after changing your group memberships.
|
For what it's worth, on all of my Linux systems, only one user (sysmaint) is capable of sudo, and this user is used for no other purpose.
Therefore, it is almost never used. When software needs to be installed, or when operating-system updates from the distro vendor need to be applied, then this user is used. This user does not own any files. It isn't used for application maintenance. (There's appmaint for that ...) It doesn't own any of the deployed systems. (There's a third reserved user for that ...) You get the idea. |
Quote:
It would be great if the benefits of properly configuring sudoers were more obvious from the start. Better defaults would help with that. But until then, there is a lot of remedial action going on. One is to recommend reading Sudo Mastery: Access Control for Real People by Michael W. Lucas or checking out his presentation (slides or video) on "sudo: You're Doing it Wrong" |
Quote:
Quote:
|
Quote:
Code:
%sudo ALL=(root:root) /usr/sbin/visudo "", Quote:
|
All times are GMT -5. The time now is 10:12 PM. |