CentOS 7 add new user with root privileges

The way CentOS grants root (all) privileges to a user is by putting them in the wheel group. This is what happens when you make a user account and select the box that makes that user an Administrator.

You can put a user in a group with:

sudo usermod -aG wheel username

To disable an account from logging in, including the root account, you can lock it by setting an unusable password.

sudo passwd -l username


I am reading this tutorial, and trying to create a new user with root privileges and then block root access via ssh in a CentOS 7 server. The problem is that the new user is blocked from doing root actions like nano /etc/sudoers. Also, I seem unable to remove the block of root login. So my pre-existing open root session is the only access I have to root functionality until it terminates. How can I successfully add root permissions to the newuser? And how can I successfully turn on/off root login?

  1. Strictly speaking, the real use of sudo is to configure the execution of certain specific commands to certain specific users or groups. The way sudo is distributed and configured in some distributions can be somewhat misleading because to become the root user, we can just type su - without involving sudo. This requires the entry of the password for the user, root, and not the user's password. So you could have used this.
  2. Try to never use anything except visudo to directly edit /etc/sudoers. Otherwise you could break authentication altogether until you change its permissions back to 0400 (which you cannot do after you log out without utilizing a rescue system of some sort). (The editor used by visudo can be controlled by the VISUAL environment variable. To use it with nano, one option is VISUAL=nano visudo.)
  3. The new user already can become root (point 1), but to let this user become root through sudo, just add the user to the right group. On CentOS 7, the traditional group name of wheel was used to allow members of that group to become root via sudo: usermod -a -G wheel codemedic. Use man usermod for more details. You can determine this group name by reading the configuration file: cat /etc/sudoers.
  4. To deny access to root via SSH, edit /etc/ssh/sshd_config and make sure that only one uncommented instance of PermitRootLogin is available and set it to a value of no: PermitRootLogin no. Save the file and restart the Secure Shell daemon: systemctl restart sshd.
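A pre-flight check for points 3 and 4, run before restarting sshd so that the last open root session is not the only way back in. This is an added example, not part of the original answer. The function names and the user alice are hypothetical, and the sample files are constructed. It does not handle Match blocks, Include directives or the keyword=value form.

```shell
#!/bin/sh
# Added example: verify the wheel membership and the PermitRootLogin setting
# described above before running "systemctl restart sshd".

# Print every active (uncommented) PermitRootLogin value in a config file,
# in file order. sshd keywords are case-insensitive, and sshd uses the FIRST
# value it finds, so a later "no" does not override an earlier "yes".
root_login_values() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2) }' "$1"
}

# Succeed only if there is exactly one active PermitRootLogin line set to "no".
root_login_disabled() {
    vals=$(root_login_values "$1")
    [ "$(printf '%s\n' "$vals" | grep -c .)" -eq 1 ] && [ "$vals" = "no" ]
}

# in_group USER GROUP GROUPFILE: succeed if USER is listed as a member of
# GROUP in a group(5)-format file (this is what usermod -aG writes).
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$3"
}

# safe_to_restart USER SSHD_CONFIG GROUPFILE: refuse unless both checks pass.
safe_to_restart() {
    in_group "$1" wheel "$3" || { echo "refuse: $1 is not in wheel" >&2; return 1; }
    root_login_disabled "$2" || { echo "refuse: PermitRootLogin is not a single 'no'" >&2; return 1; }
}

# Constructed sample files (not from a real host) for trying the checks offline.
write_samples() {  # write_samples DIR
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$1/good.conf"
    printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' > "$1/dup.conf"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:codemedic,alice' > "$1/group"
}

# Real use: sh check.sh codemedic /etc/ssh/sshd_config /etc/group
if [ "$#" -eq 3 ]; then
    safe_to_restart "$@"
fi
```

On a live host, sshd -t validates the syntax of the edited file, and keeping the current root session open until a fresh login as the new user succeeds with sudo avoids a lockout.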

Note that I edited /etc/sudoers because /usr/sbin/visudo did not work.

How does visudo not work?


These steps worked for me.

Add user:

useradd user

Add password:

passwd user

Add following line to the /etc/sudoers file by using the command visudo:

user ALL=(ALL)       ALL

or, for becoming root without having to enter a password,

user ALL=(ALL) NOPASSWD:ALL

Then, switch to that user

su user

and ask for root privileges:

sudo su - 

Enter password for new user:

[sudo] password for user: