Table of Contents
Introduction
The sudo command provides a way to grant selected administrative privileges, which are normally limited to the root user, to regular user accounts. This guide shows you how to create a new user with sudo access on Rocky Linux, without having to modify your server's /etc/sudoers file.
Note: This tutorial has been tested on Rocky Linux versions 8, 9, and 10. The commands use standard tools like adduser, passwd, and usermod that are available across the latest Rocky Linux releases.
Note: If you want to configure sudo for an existing Rocky Linux user, skip to step 3.
Key takeaways
- Use sudo instead of logging in as root: Create a non-root user and run administrative commands with
sudoso that routine work does not happen in a full root shell. - Rocky Linux grants sudo through the
wheelgroup: Any user you add to thewheelgroup can run commands withsudowithout you editing/etc/sudoersdirectly. - You only need a few commands:
- Log in as
root. - Run
adduserto create the account. - Run
passwdto set a password. - Run
usermod -aG wheelto grant sudo access.
- Always test new sudo access: Switch to the new user with
su - usernameand run a simple command such assudo whoamiorsudo ls -la /rootto confirm that sudo is working. - Harden SSH and networking afterwards: After you have a sudo enabled user, follow our guides on SSH Essentials, hardening the OpenSSH client, and setting up a firewall with UFW to further protect remote access.
Step 1: Logging into your server
SSH in to your server as the root user:
[environment local]
ssh root@<^>your_server_ip_address<^>
Use your server's IP address or hostname in place of <^>your_server_ip_address<^> above.
Step 2: Adding a new user to the system
Use the adduser command to add a new user to your system:
adduser <^>sammy<^>
Be sure to replace <^>sammy<^> with the username you'd like to create.
Use the passwd command to update the new user's password:
passwd <^>sammy<^>
Remember to replace <^>sammy<^> with the user that you just created. You will be prompted twice for a new password:
[secondary_label Output]
Changing password for user <^>sammy<^>.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Step 3: Adding the user to the wheel group
Use the usermod command to add the user to the wheel group:
usermod -aG wheel <^>sammy<^>
Once again, be sure to replace <^>sammy<^> with the username you'd like to give sudo privileges to. By default, on Rocky Linux, all members of the wheel group have full sudo access.
Step 4: Testing sudo access
To test that the new sudo permissions are working, first use the su command to switch from the root user to the new user account:
su - <^>sammy<^>
As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges:
sudo <^>command_to_run<^>
For example, you can list the contents of the /root directory, which is normally only accessible to the root user:
sudo ls -la /root
The first time you use sudo in a session, you will be prompted for the password of that user's account. Enter the password to proceed:
[secondary_label Output]
[sudo] password for <^>sammy<^>:
Note: This is _not_ asking for the root password! Enter the password of the sudo-enabled user, not the root password.
If your user is in the proper group and you entered the password correctly, the command that you used with sudo will run with root privileges.
FAQs
1. How do I add a sudo user in Rocky Linux?
To add a sudo enabled user on Rocky Linux, create the account with adduser <^>sammy<^>, set a password with passwd <^>sammy<^>, then run usermod -aG wheel <^>sammy<^> as root. These steps work on Rocky Linux 8, 9, and later and match the commands used in this quickstart.
2. What group grants sudo access on Rocky Linux?
On Rocky Linux, membership in the wheel group controls who can use sudo by default. The /etc/sudoers configuration grants full administrative privileges to users in wheel, so you usually only need to add users to this group instead of editing the file directly.
3. How can I verify that a user has sudo privileges?
First, check group membership with id <^>sammy<^> or groups <^>sammy<^> and confirm that wheel is listed. Then switch to the account and run a simple command such as sudo whoami; if the command prints root after you enter the user password, sudo is configured correctly.
4. What does "user is not in the sudoers file" mean on Rocky Linux?
This message indicates that the account is not allowed to use sudo, usually because it is not in the wheel group or the sudo configuration has been changed. To fix it, log in as root or another sudo enabled user, add the account to wheel with usermod -aG wheel <^>sammy<^>, then log out and back in so the new group membership takes effect.
5. Can I create a sudo user without disabling the root account?
Yes, creating a sudo enabled user does not disable the root account. For better security, it is common to keep root available for recovery while using a sudo user for daily work and pairing this with SSH hardening and firewall rules as described in our SSH and UFW tutorials linked above.
Conclusion
In this quickstart tutorial you created a new user account and added it to the wheel group to enable sudo access on Rocky Linux. For more detailed information on preparing a Rocky Linux server, read our Initial Server Setup with Rocky Linux tutorial, and for a broader overview of this pattern across distributions, see the How To Add a Sudo-Enabled User collection.
