FREE TRIAL

Free VPS Trial

Start Free Trial
  • Live Chat
  • +357 2425 0808
  • Login
How To Create New Users with Root Access and Without Sudo on Linux

How To Create New Users with Root Access and Without Sudo on Linux

NetShop ISP

NetShop ISP · Blog Author

Aug 17, 2022 · Tutorials

In this guide, we will tackle a common task system administrators face when managing users and permissions on Linux servers environment. For the purposes of this tutorial we have tested all commands/steps on CentOS 7 and AlmaLinux 8 servers.

The sudo command allows users to run programs and access privileged directories but it can also allow the sudo user to login as root. This is a problem as there is no efficient activity logging for each sudo user, i.e. they can all run commands that show up as the ‘root’ user.

The first three steps in this tutorial will demonstrate how to create a user with root-equivalent privileges. Then we will show you how to disable the user from sudo-ing as root.

Step 1 – Create new user account

Create a new user account using the useradd command:

useradd johny

Now set the user ‘johny’ a password with the passwd command:

passwd johny

Once you hit enter, you will be prompted to confirm the password. Make sure you use a strong password.

Changing password for user johny.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Step 2 – Grant new user with sudo/root privileges

We are going to use the usermod command to add user ‘johny’ to the ‘wheel’ group. By default on RHEL/CentOS systems, members of the group ‘wheel’ are granted with sudo access.

usermod -aG wheel johny

At this point, user ‘johny’ has been added in wheel group without any restrictions. User johny can, at any time, run the command su root or sudo su to switch as the root user. If you want every user to run sudo-privileged commands under his/her own account (for logging purposes), then follow the last step below.

Step 3 – Modify Sudoers file

First, backup the /etc/sudoers config file as follows:

cp /etc/sudoers /root/sudoers.orig

Now, edit the sudoers config file as follows:

visudo

or

vi /etc/sudoers

Find this line:
%wheel ALL=(ALL) ALL

Replace it with:
%wheel ALL=(ALL:ALL) ALL, !/bin/su

Save the file and you are done!

Last Step – Verify

To verify if you have correctly disabled the sudo access to the user(s), login to your server as root and then switch to your user, let’s say johny

[root@netshop-server-demo ~]# su johny
[johny@netshop-demo-server root]$

Now, as user johny try to sudo as root in 2 ways:

[johny@netshop-server-demo root]$ sudo su
Sorry, user johny is not allowed to execute '/bin/su' as root on netshop-server-demo.

[johny@netshop-server-demo root]$ su root
Password:
su: Authentication failure
[johny@netshop-server-demo root]$

Hooray! You are done!

Categories

Backup
6
Business Continuity
4
Cloud Hosting
9
Colocation
4
Company Updates
1
Cryptocurrencies
1
Data Centers
12
Dedicated Servers
4
Disaster Recovery
3
Forex
24
Gaming
1
iGaming
33
Industry News
31
Interviews
10
Joomla
9
Magento
5
Managed Services
1
Operating Systems
1
Press Releases
60
Product News
6
Resellers
1
Security
24
Software & Apps
1
Streaming
1
Tech Startups
12
Tutorials
56
Uncategorized
389
Vps Hosting
11
Web Design & Development
3
Web Hosting
43
Webinars
1
Wordpress
14

Free VPS Trial

No Credit Card Required.

Recent Posts

Reflecting on a Year of Growth and Big Investment [CEO Interview at SBC Leaders Magazine]

Reflecting on a Year of Growth and Big Investment [CEO Interview at SBC Leaders Magazine]

25 January, 2023

How To Remove SSH Keys from Linux Server

How To Remove SSH Keys from Linux Server

16 January, 2023

How To Install Language Pack on Windows Server 2019

How To Install Language Pack on Windows Server 2019

30 December, 2022

Ultimate Fintech Awards 2023: NetShop ISP Shortlisted for “Best Connectivity Provider – MEA” Award

Ultimate Fintech Awards 2023: NetShop ISP Shortlisted for “Best Connectivity Provider – MEA” Award

29 December, 2022

Updated Version of myNetShop Client Portal Released: What’s New

Updated Version of myNetShop Client Portal Released: What’s New

27 December, 2022

Products

Bare Metal Dedicated Servers

Virtual Servers (VPS / VDS)

Rack Space & Colocation Hosting

Fast Web Hosting

Cloud Backup

Premium DNS Hosting

Resources

Blog

Videos

Events

APIConnect

WhitepapersNew

Looking Glass

Company

About Us

CareersNew

Awards & Honours

Become a hosting Partner of NetShop ISP

Contact Us

#letushostyou

Award Winning Hosting Provider with a Customer-centric approach to Business and an Open Source Mindset regarding Solutions and Products Development.

Est. 2004, Larnaca – Cyprus


About

Legal Address: 2A, Marathonos, Livadhia, 7060, Cyprus

Operations Office: 120, Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca, 6031, Cyprus

Company Reg: HE 217340
EU VAT Number: CY10217340J
ISO 9001:2015: No. QS.21.038

International Phone: +357 2425 0808