Sudo is a command line program that allows an ordinary user to execute commands that require superuser privileges.
Running your system as a non-root user is good practice for a number of reasons. Applications should be run with non-root security. You wouldn’t want a bug in an application to mess with your underlying system.
It’s just good practice on any system regardless the Operating System to run your applications on user-level and leave the administrative tasks to the superuser.
For an ordinary user to be able to perform administrative tasks, they need to be added to the Sudo group. Below are 3 steps to follow to create a user and add them to the Sudo group in CentOS 7.
1) Connect to your server and add add a new user-level
Connect to your server via SSH and use the command below to add a new user to the system.
Where ‘username’ is the name of the new user. Choose a strong password for the user with the command below
You will be asked to enter the password again and once you enter it correctly you will get a notification that the authentication tokens have been updated successfully.
2) Add user to wheel group in CentOS
The wheel group is a unique group that allows all the users in the group to execute all commands.
The new user can be added to the wheel group using the command below.
usermod -aG wheel username
Now, use visudo to open and edit the /etc/sudoers file and uncomment the line that starts with %wheel . The line should look like this.
##Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
3) Switch and test the Sudo user
Use the command below to switch to the Sudo user.
su – username
To test if the user can execute command that require administrative privileges issue the following command.
$ ls -la /root/
You should get the following error message
ls: cannot open directory /root/: Permission denied
Now you can try running the same command but using sudo instead
$ sudo ls -ls /root/
You will be prompted to enter the user’s password and if everything is okay, the command will execute successfully , that is, the content of the /root directory will be listed.
Another way to verify would be to issue the whoami command and the output should be like this
$ sudo whoami
Now you have a sudo user which you can use to manage your CentOS 7 system.