RHCSA Practical Lab Series β Configuring Passwordless Sudo Access
π Lab 15: Granting a User Group Sudo Privileges Without a Password
π Objective
In this lab, you will:
β Allow members of a specific user group (adminops) to use sudo without a password
β Modify the sudoers file using visudo
β Verify that the configuration works correctly
π Step 1: Open and Edit the sudoers File
πΉ Launch the visudo editor to safely edit sudo configurations:
[root@node1 ~]# visudo
π Why use visudo?
- It prevents syntax errors that could lock you out of administrative access.
- It validates changes before applying them.
β Locate the following line in the editor:
## Allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
πΉ Add a new line to grant passwordless sudo access to adminops:
%adminops ALL=(ALL) NOPASSWD: ALL
π Explanation:
%adminopsβ Applies to all users in the adminops group.ALL=(ALL)β Grants full administrative privileges.NOPASSWD: ALLβ Allowssudowithout requiring a password.
β
Save and exit the editor (Ctrl+X, then Y and Enter).
π Step 2: Create the adminops Group and Add Users
πΉ Create the group if it doesn't already exist:
[root@node1 ~]# groupadd adminops
πΉ Add users (alex, jordan, sam) to the group:
[root@node1 ~]# usermod -aG adminops alex
[root@node1 ~]# usermod -aG adminops jordan
[root@node1 ~]# usermod -aG adminops sam
π Explanation:
-aGβ Appends the user to an additional group (adminops).
β Verify group membership:
[root@node1 ~]# id alex
πΉ Expected Output:
uid=1002(alex) gid=1002(alex) groups=1002(alex),1003(adminops)
β
If adminops appears, the user is successfully added.
π Step 3: Verify Passwordless Sudo Access
πΉ Switch to a user in the adminops group:
[root@node1 ~]# su - alex
πΉ Run a privileged command using sudo:
[alex@node1 ~]$ sudo cat /etc/shadow
π Expected Output:
root:$6$abcdefg123$xyzhashedpassword:18793:0:99999:7:::
...
β If the command executes without prompting for a password, the setup is successful!
π Step 4: Troubleshooting & Validation
πΉ If prompted for a password, recheck the sudoers file:
[root@node1 ~]# cat /etc/sudoers | grep adminops
πΉ Ensure the line is correctly formatted:
%adminops ALL=(ALL) NOPASSWD: ALL
πΉ If a user is denied sudo access, check their group membership:
[root@node1 ~]# id alex
β Reboot the system and confirm the settings persist after restart:
[root@node1 ~]# reboot
β Final Summary
β Configured passwordless sudo access for the adminops group
β Added specific users (alex, jordan, sam) to the group
β Verified that users can run sudo commands without a password
β Ensured changes persist across reboots
π Next Lab: Resetting the Root Password in RHEL 9
π© Subscribe for more RHCSA exam labs and hands-on tutorials! π
