INTRODUCTION: 

Performing server administration as a non-root client is a best practice. For security, your first attempt while conveying a CentOS services at onenets servers is to make a non-root client with sudo to get access.

This guide applies to the following versions, both with and without SELinux empowered.

CentOS 8

CentOS 7

CentOS 6

 

  1. Add a New User Account

Create a new user account with the add-user command.

# add user example_user

Set a strong password for the new user with password

# password example_user

Changing password for user example_user.

New password:

Retype new password:

password: all authentication tokens updated successfully.

  1. Add the User to the Wheel Group

Add the new user to the wheel group with user mod.

#usermod -aG wheel example_user

  1. Edit Sudoers File

Check the sudoers file with visudo.

# visudo

Look for the wheel group Remove the comment of the line if disabled, It should look like this when you are ready to save the file.

Allows people in group wheel to run all commands

%wheel  ALL=(ALL)       

Save and exit 

Type ESC, then: WQ, then ENTER.

Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you'll see this when exiting visudo.

visudo: >>> /etc/sudoers: syntax error near line 64 <<<

edit sudoers file again

exit without saving changes to the sudoers file

quit and save changes to sudoers file (DANGER!)

  1. Test

Switch to the new user.

# su - example_user

Verify you are the new user with who am I, then test sudo access with sudo who am i, which should return root.

$ who am i

example_user

$ sudo who am i

[sudo] password for example_user:

root

Conclusion

The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.

Was this answer helpful? 0 Users Found This Useful (0 Votes)