Setting up sudo privileges for full administrative users
Before we look at how to limit what users can do, let's first look at how to allow a user to do everything, including logging into the root command prompt. There are a couple of methods for doing that.
Method 1 – adding users to a predefined admin group
The first method, which is the simplest, is to add users to a predefined administrators group and then, if it hasn't already been done, to configure the sudo policy to allow that group to do its job. It's simple enough to do except that different Linux distro families use different admin groups.
On Unix, BSD, and most Linux systems, you would add users to the wheel
group. (Members of the Red Hat family, including CentOS, fall into this category.) When I do the groups
command on my CentOS machine, I get this:
[donnie@localhost ~]$ groups donnie wheel [donnie@localhost ~]$
This shows that I'm a member of the wheel group. By doing sudo visudo
, I'll open the sudo policy file. Scrolling down...