9. Manage Users and Groups
Red Hat Certified System Administrator (RHCSA – EX200)
1. What is Privileged Access?
Privileged access means allowing a normal user to run commands with administrator (root) permissions.
In Linux, the root user has full control over the system. However, using root directly is not recommended for security reasons.
Instead, systems use:
sudo (Superuser Do) – allows controlled root access
2. Why Use sudo?
Using sudo is important because:
- Avoids logging in directly as root
- Provides controlled access to administrative commands
- Tracks user activity (logging)
- Reduces risk of system damage
3. The sudo Command
Basic Syntax:
sudo <command>
Example:
sudo systemctl restart httpd
This runs the command as root.
4. sudo Configuration File
The main configuration file:
/etc/sudoers
⚠️ Important Rule (Exam Critical):
Never edit this file directly with a normal editor.
Use:
visudo
Why visudo?
- Checks syntax before saving
- Prevents configuration errors
- Protects system from lockout
5. Structure of sudoers File
A typical entry looks like:
user ALL=(ALL) ALL
Meaning:
| Field | Description |
|---|---|
| user | Username |
| ALL (1) | Host |
| (ALL) | Run as which user |
| ALL (2) | Commands allowed |
6. Granting Privileged Access
6.1 Give Full sudo Access to a User
visudo
Add:
john ALL=(ALL) ALL
Now user john can run any command using sudo.
6.2 Allow User Without Password
john ALL=(ALL) NOPASSWD: ALL
User can run sudo without entering a password.
6.3 Allow Specific Commands Only
john ALL=(ALL) /usr/bin/systemctl restart httpd
User can only restart the HTTP service.
7. Using Groups for Privileged Access
Instead of configuring each user, assign permissions to a group.
Example:
%admin ALL=(ALL) ALL
- % indicates a group
- All users in the admin group get sudo access
Add User to Group:
usermod -aG admin john
8. Wheel Group (Very Important for RHCSA)
In Red Hat systems, the wheel group is commonly used for sudo access.
Enable wheel group in sudoers:
visudo
Uncomment:
%wheel ALL=(ALL) ALL
Add user to wheel group:
usermod -aG wheel john
Now the user can use sudo.
9. Check sudo Access
Switch user:
su - john
Test:
sudo whoami
Expected output:
root
10. Logging of sudo Activities
All sudo actions are logged.
Log file:
/var/log/secure
This helps track:
- Who ran commands
- What commands were executed
- When they were executed
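The following added example (not part of the original notes) pulls the who, what and when out of sudo records in the format sudo writes to /var/log/secure through syslog. The log lines are constructed samples; the host name server1, the user alice and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: extract who / run-as / result / command from sudo records
# in /var/log/secure-style text. Sample lines are constructed, not real logs.

sample_log() {
cat <<'EOF'
Mar  3 10:15:42 server1 sudo[2345]:     john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 10:15:42 server1 sudo[2345]: pam_unix(sudo:session): session opened for user root by john(uid=0)
Mar  3 10:17:05 server1 sudo[2351]:    alice : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/whoami
Mar  3 10:20:11 server1 sshd[2400]: Accepted password for john from 192.0.2.10 port 50022 ssh2
Mar  3 10:21:30 server1 sudo[2410]:     john : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/sbin/visudo
EOF
}

# Reads syslog lines on stdin, prints: when|user|run-as|ALLOWED or DENIED|command
sudo_events() {
    awk '
    # Field 5 is the program tag ("sudo:" or "sudo[PID]:"). Only command
    # records contain COMMAND=; PAM session lines and other daemons are skipped.
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && index($0, " ; COMMAND=") {
        when  = $1 " " $2 " " $3
        user  = $6
        runas = "?"
        if (match($0, /USER=[^ ]+/)) runas = substr($0, RSTART + 5, RLENGTH - 5)
        # Everything after the first " ; COMMAND=" is the command and its arguments.
        cmd = substr($0, index($0, " ; COMMAND=") + 11)
        # A refusal reason, when present, sits between the user name and TTY=.
        head = substr($0, 1, index($0, "TTY=") - 1)
        status = "ALLOWED"
        if (head ~ /NOT in sudoers|incorrect password attempt|command not allowed/) status = "DENIED"
        printf "%s|%s|%s|%s|%s\n", when, user, runas, status, cmd
    }'
}

# Failed or refused sudo attempts only.
sudo_denied() {
    sudo_events | awk -F"|" '$4 == "DENIED"'
}

sample_log | sudo_events
```

On a real system, feed the log in as root instead of the sample, for example `sudo_events < /var/log/secure`.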
11. Important sudo Options
List allowed commands:
sudo -l
Run command as another user:
sudo -u user <command>
Switch to root shell:
sudo -i
12. Security Best Practices (Exam + Real IT Use)
- Do NOT share root password
- Use sudo instead of direct root login
- Grant minimum required permissions
- Avoid NOPASSWD unless necessary
- Use groups instead of individual users
- Always edit sudoers with visudo
13. Common Mistakes (Very Important for Exam)
- Editing /etc/sudoers without visudo
- Wrong syntax in sudoers file
- Forgetting % for groups
- Not adding user to correct group
- Not testing sudo access after configuration
14. Typical RHCSA Exam Tasks
You may be asked to:
- Grant sudo access to a user
- Configure access using the wheel group
- Allow specific commands only
- Configure password-less sudo
- Verify user permissions
15. Quick Summary
- sudo provides controlled root access
- Configuration file: /etc/sudoers
- Always use: visudo
- Use wheel group for admin access
- Assign least privilege needed
- Test configuration after setup
