Basics of Managing Users on CentOS Systems
Managing users can be a daunting task, between day-to-day maintenance, security risks, and a lack of thorough online documentation. This article will help you get started by explaining the basics of properly managing users on CentOS systems.
sudo is a command used when a user is not logged in as the root user, but wants to execute a command as the root user. For example, say that only the root user has access to the /etc/test.txt file. Trying to open the file with vi /etc/test.txt as a "normal" user would not work, whereas sudo vi /etc/test.txt would work, because the command is executed with root privileges.
Adding a User
Adding users on CentOS is performed with the adduser command. Simply type:
If you want to give this user a password, type:
If you do not manually do this, the user will not have a password.
Deleting a User
If a user no longer needs access to your system, you should delete the account. In order to delete a user, you can use the userdel command. The -r switch to the userdel command will cause their home directory to be deleted as well (/home/UserName). Be sure to make a backup of this folder first, if needed.
userdel -r UserName
Granting a User Sudo Privileges
A common use case for "sudo" exists when you do not want to share the password of the root user account, but you still want users on your system to be able to run root-level commands. Running sudo as the root user is useless, as the account already has root privileges.
You can give a user permission to use sudo with the following command:
gpasswd -a UserName wheel
This adds the user to the wheel group, which always has access to the sudo command. Now the user can run sudo. When running sudo, a user is prompted for their password before the command will execute. This is normal behavior, and can be disabled by editing the sudo settings in
Monitoring Sudo Attempts
For the security of your system, Linux logs both successful and unsuccessful attempts at using sudo. When a user tries to use sudo without having access to it, the following error will be displayed:
UserName is not in the sudoers file. This incident will be reported.
Sudoers incidents are logged to
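The logged sudo events can be reviewed per user rather than line by line. The following is an added example, not part of the original article: it assumes sudo's standard syslog line layout, and the function names, host name, user names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): per-user summary of sudo
# events found in syslog-format lines read from stdin.

sudo_summary() {
  awk '
    # Lines written by sudo itself: "<timestamp> <host> sudo: <user> : <fields>"
    match($0, / sudo(\[[0-9]+\])?: +/) {
      rest = substr($0, RSTART + RLENGTH)
      sep = index(rest, " : ")
      if (sep == 0) next            # e.g. PAM session lines have no "user : " part
      user = substr(rest, 1, sep - 1)
      msg  = substr(rest, sep + 3)
      seen[user] = 1
      if (msg ~ /user NOT in sudoers/)              denied[user]++
      else if (msg ~ /incorrect password attempt/)  authfail[user]++
      else if (msg ~ /COMMAND=/)                    ok[user]++
    }
    END {
      for (u in seen)
        printf "%s denied=%d authfail=%d ok=%d\n", u, denied[u], authfail[u], ok[u]
    }
  ' | sort
}

# Constructed sample lines (host1, alice and bob are made up for this example).
sample_log() {
  cat <<'EOF'
Mar  3 10:15:42 host1 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/vi /etc/test.txt
Mar  3 10:16:05 host1 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/test.txt
Mar  3 10:20:11 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/vi /etc/test.txt
Mar  3 10:20:11 host1 sudo: pam_unix(sudo:session): session opened for user root by bob(uid=0)
Mar  3 10:31:09 host1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls /root
Mar  3 10:40:00 host1 sshd[2211]: Accepted password for bob from 192.0.2.10 port 50514 ssh2
EOF
}

# Stand-alone run: summarize the constructed sample.
sample_log | sudo_summary
```

To use it on a real system, redirect the file your system writes sudo events to into sudo_summary instead of the sample. Repeated denied or authfail counts for one account are the entries worth following up.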