Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
10-17-2016, 09:06 AM
|
#1
|
Member
Registered: Aug 2012
Posts: 789
Rep:
|
Adding user to sudo list on Centos
Please let me know what I am doing wrong. Thanks
Code:
[Michael@vps2 ~]$ su -
Password:
[root@vps2 ~]# usermod -aG wheel Michael
[root@vps2 ~]# exit
logout
[Michael@vps2 ~]$ sudo ls -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for Michael:
Michael is not in the sudoers file. This incident will be reported.
[Michael@vps2 ~]$
|
|
|
10-17-2016, 09:16 AM
|
#2
|
LQ Sage
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,675
Rep:
|
Wrong thread, sorry.
Last edited by Emerson; 10-17-2016 at 09:18 AM.
|
|
|
10-17-2016, 10:37 AM
|
#3
|
Member
Registered: Dec 2010
Location: /home
Distribution: Slackware stable
Posts: 79
Rep:
|
I think you need to edit sudoers file and allow members of wheel group to run sudo.
Type this command as root
This opens sudoers file in vim, search for 'wheel' and remove the comment('#') before that.
|
|
|
10-17-2016, 10:57 AM
|
#4
|
LQ Veteran
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Salix
Posts: 6,171
|
You need to edit /etc/sudoers and do it using the visudo command, which checks that your edit is correct before saving it. If you don't like vi, choose an editor you do like this:
su
export EDITOR=nano
visudo
The file is fairly clear, with examples, but you could also checkout the man page for sudoers.
The wheel group is rather different. When used (not common these days, except in BSD) you have to belong to wheel to use su.
|
|
|
10-17-2016, 11:09 AM
|
#5
|
Senior Member
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
|
Is group "wheel" enabled? See link. Note: the page uses "$" and "#" to indicate either normal user or root user, but that's not part of the commands. From it:
Quote:
Run the visudo to edit the /etc/sudoers file. This file defines the policies applied by the sudo command.
Find the lines in the file that grant sudo access to users in the group wheel when enabled.
Code:
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
Remove the comment character (#) at the start of the second line. This enables the configuration option.
Save your changes and exit the editor.
Add the user you created to the wheel group using the usermod command.
Code:
# usermod -aG wheel USERNAME
Test that the updated configuration allows the user you created to run commands using sudo.
Use the su to switch to the new user account that you created.
Use the groups to verify that the user is in the wheel group.
Code:
$ groups
USERNAME wheel
Use the sudo command to run the whoami command. As this is the first time you have run a command using sudo from this user account the banner message will be displayed. You will be also be prompted to enter the password for the user account.
Code:
$ sudo whoami
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for USERNAME:
root
The last line of the output is the user name returned by the whoami command. If sudo is configured correctly this value will be root.
You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands as if you were logged in to the account of the root user.
|
Last edited by mark_alfred; 10-17-2016 at 11:16 AM.
Reason: formatting
|
|
|
10-17-2016, 11:49 AM
|
#6
|
Member
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 361
Rep:
|
you didnt use 'visudo' to add wheel group to sudoers file.
groups start with %
so adding this sudoers file would help you:
# Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
for more control or options you may want to use , see 'man sudoers' or you could google for examples.
|
|
|
10-17-2016, 12:30 PM
|
#7
|
Senior Member
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
|
Posts 3, 4, 5, and 6 have all cited the same issue surrounding the group "wheel" (with post 4 indicating it's a mostly passé method, but still plausible) . How many others will cite this? Time will tell.
|
|
|
10-17-2016, 12:40 PM
|
#8
|
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Rep:
|
Quote:
Originally Posted by mark_alfred
How many others will cite this? Time will tell.
|
One can never say it enough.
|
|
|
10-17-2016, 04:34 PM
|
#9
|
Member
Registered: Aug 2012
Posts: 789
Original Poster
Rep:
|
Thank you all.
No, I didn't use use visudo first.
Before I un-comment the wheels group, should I? The only reason I thought I should was some initial searchs on how to allow sudo. The server is managed by me, and used by me plus a couple of people. Is there a better strategy?
Thanks
|
|
|
10-17-2016, 05:52 PM
|
#10
|
Senior Member
Registered: Jul 2003
Location: Toronto, Ontario, Canada
Distribution: Ubuntu Linux 16.04, Debian 10, LineageOS 14.1
Posts: 1,572
|
I don't really know. This is the first I've heard of the wheel group. Generally if I've created a new user that I wanted to have sudo powers, I've added them to the sudo group. My /etc/sudoers file looks like this:
Code:
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
Currently no user on my system is a member of the admin group, though I, user mark, am a member of both sudo and adm (I'm not sure what the group "adm" is for). Anyway, it's just me using my laptop and it's an Ubuntu install. So, that's how mine is set up.
Here's some history on the wheel group ( link). Seems Richard Stallman didn't like it (felt it lacked freedom) so it fell out of favour in Linux distros. Apparently to safeguard against the sharing of the root password, the extra condition of having to belong to the wheel group was added. Of course, given that root is often disabled now, and given that some users may or may not be part of the group sudo, I'm not sure what the difference is between group "sudo" and group "wheel".
Anyway, I don't really know, but I figure since you've got it set up, you may as well use it.
Last edited by mark_alfred; 10-17-2016 at 07:16 PM.
Reason: correct an error
|
|
|
10-17-2016, 06:18 PM
|
#11
|
Member
Registered: Jul 2013
Posts: 749
Rep:
|
wheel group is enabled in sudoers by default on centos7. If you are a group member of wheel you should be allowed to use sudo. You may need to log out and back on after changing your group memberships.
|
|
|
10-17-2016, 06:21 PM
|
#12
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,820
|
For what it's worth, on all of my Linux systems, only one user (sysmaint) is capable of sudo, and this user is used for no other purpose.
Therefore, it is almost never used. When software needs to be installed, or when operating-system updates from the distro vendor need to be applied, then this user is used.
This user does not own any files. It isn't used for application maintenance. (There's appmaint for that ...)
It doesn't own any of the deployed systems. (There's a third reserved user for that ...)
You get the idea.
|
|
1 members found this post helpful.
|
10-18-2016, 01:36 AM
|
#13
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,493
|
Quote:
Originally Posted by sundialsvcs
You get the idea.
|
Compartmentalization is a good idea. Taking advantage of sudoers properly goes far in that direction. And it would save a lot of trouble and work if distros had much better defaults for /etc/sudoers to point the right direction. There is so often misuse of "sudo" and "sudoers" by not taking advantage of the granularity it can offer in regards to access, and instead just using it as a longer way of writing "su", that I made a blog entry about it.
It would be great if the benefits of properly configuring sudoers were more obvious from the start. Better defaults would help with that. But until then, there is a lot of remedial action going on. One is to recommend reading Sudo Mastery: Access Control for Real People by Michael W. Lucas or checking out his presentation (slides or video) on "sudo: You're Doing it Wrong"
|
|
|
10-18-2016, 07:23 AM
|
#14
|
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Rep:
|
Quote:
Originally Posted by mark_alfred
I don't really know. This is the first I've heard of the wheel group. Generally if I've created a new user that I wanted to have sudo powers, I've added them to the sudo group.
|
Your sudo and wheel are the same in regards to the setup
Quote:
Originally Posted by Turbocapitalist
And it would save a lot of trouble and work if distros had much better defaults for /etc/sudoers to point the right direction.
|
Really? How could you expect a distro to know how you are going to run your system? This is part of the Sys Admin's job. If he is going to go down this rabbit hole then he should have already mapped this out.
|
|
1 members found this post helpful.
|
10-18-2016, 07:35 AM
|
#15
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,493
|
Quote:
Originally Posted by lazydog
Really? How could you expect a distro to know how you are going to run your system?
|
They don't and can't know. But they can provide better examples rather than just setting "sudo" to be the functional equivalent equivalent of "su". Using %sudo ALL=(ALL:ALL) ALL as a default is not instructive. Here's a default that is a bit closer to a good compromise than that:
Code:
%sudo ALL=(root:root) /usr/sbin/visudo "",
/usr/bin/yum
Maybe a third line is needed for something else common.
Quote:
Originally Posted by lazydog
This is part of the Sys Admin's job. If he is going to go down this rabbit hole then he should have already mapped this out.
|
Yep.
|
|
|
All times are GMT -5. The time now is 10:03 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|