Sudoing a user in centOS

Adaministrator

Guten Morgen!

So if I want to use my user account in centOS to do anything administrative I have to add it to the sudoers file.

Since ML seems to be very centOS driven I thought I would ask, do you guys root in to work on a machine, or do you have a sudoed user?

Any dangers involved in a sudoed account?

Thanks!

aidan_walsh

I always use my own account with sudo.

If anything sudo is safer. You have better accountability as to who made what change in a multi-administrator environment, and you can limit what access a sudo user has (what applications they are able to elevate).

coliver

Nope, don't use root to do administration. Don't add the user to the sudoers file just add them to the wheel group.

DustinB3403

@aidan_walsh pretty much answered it, use your own account, and elevate to sudo if you need it.

Using the "root" account leads to "who did it" questions.

coliver

If you need root access just do sudo su. That way anything you do in that elevated prompt will be recorded as your user.

Adaministrator

@aidan_walsh @DustinB3403 Thanks guys

@coliver thanks, I had been using sudo -i, which doesn't work in centos with no entry in the sudoers file. Any other reasons not to use root if only one admin is managing the box?

brianlittlejohn

@Adaministrator Its just bad practice.

coliver

@Adaministrator said in Sudoing a user in centOS:

@aidan_walsh @DustinB3403 Thanks guys

@coliver thanks, I had been using sudo -i, which doesn't work in centos with no entry in the sudoers file. Any other reasons not to use root if only one admin is managing the box?

Bad practice. With sudo you often have to confirm your actions. It gives you a chance to change the command if you - a switch or rm -f /.

I think @scottalanmiller has an article about the dangers of running as root.

coliver

If you join the wheel group you don't need to make an entry in the sudoers file. Wheel is the administrators/sudo group.

Adaministrator

@brianlittlejohn thanks, yes I have heard this before, but I still don't understand why. Obviously you don't run a machine as root to work on documents and email. Only ever to make administrative changes to it. Never really got or found a direct answer to this question.

Edit because I was slower than @coliver: Got it, I will check that out, thanks!

scottalanmiller

To use sudo on CentOS you...

• Add the appropriate users to the wheel group in /etc/group

• Uncomment the following line in /etc/sudoers

  %wheel ALL=(ALL) NOPASSWD: ALL

dafyre

@scottalanmiller said in Sudoing a user in centOS:

To use sudo on CentOS you...

• Add the appropriate users to the wheel group in /etc/group

• Uncomment the following line in /etc/sudoers

  %wheel ALL=(ALL) NOPASSWD: ALL

Does that allow the user to sudo without having to enter a password?

scottalanmiller

@dafyre said in Sudoing a user in centOS:

@scottalanmiller said in Sudoing a user in centOS:

To use sudo on CentOS you...

• Add the appropriate users to the wheel group in /etc/group

• Uncomment the following line in /etc/sudoers

  %wheel ALL=(ALL) NOPASSWD: ALL

Does that allow the user to sudo without having to enter a password?

Correct.