Manage users and groups
- Configure superuser access
-
A similar and basic doc about this topic from RedHat Openstack Platform
Configure sudo access
1) login as the root
2) Create a normal user account using the useradd command
useradd USERNAME
3) Set the password for the new userpasswd USERNAME
4) Run the visudo to edit the /etc/sudoers file.Changing password for user USERNAME. New password: Retype new password: passwd: all authentication tokens updated successfully.
visudo
5) Find the lines in the file that grant sudo access to users in the group wheel when enabled.
6) Remove the comment character (#) at the start of the second line and save it.
Allows people in group wheel to run all commands
7) Add the user you created to the wheel group using the usermod command.# %wheel ALL=(ALL) ALL
usermod -aG wheel USERNAME
8) Test itsu USERNAME -
9) The last line of the output is the user name returned by the whoami command. If sudo is configured correctly this value will be root.$ groups USERNAME wheel $ sudo whoami We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for USERNAME: root
-
No password configuration for wheel group
You can configure the sudo not asking the password.
1) Run the visudo to edit the /etc/sudoers file.
Same thing without
# %wheel ALL=(ALL) NOPASSWD: ALL
-
No password configuration for a specific user
Sometimes you want enable a specific user for sudo without asking password. For this, after you add a new user, you can have a specific rule file for the new user under the /etc/sudoers.d directory. /etc/sudoer file will include this file at the ending of itself.
Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d /etc/sudoers.d/xxxxx # User rules for USERNAME USERNAME ALL=(ALL) NOPASSWD:ALL
-
auth sufficient pam_wheel.so trust use_uid