RHCSA Practical Lab Series - Configuring Passwordless Sudo Access
Lab 15: Granting a User Group Sudo Privileges Without a Password
Objective
In this lab, you will:
- Allow members of a specific user group (adminops) to use sudo without a password
- Modify the sudoers file using visudo
- Verify that the configuration works correctly
Step 1: Open and Edit the sudoers File
Launch the visudo editor to safely edit sudo configurations:
[root@node1 ~]# visudo
Why use visudo?
- It prevents syntax errors that could lock you out of administrative access.
- It validates changes before applying them.
Locate the following line in the editor:
## Allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
Add a new line to grant passwordless sudo access to adminops:
%adminops ALL=(ALL) NOPASSWD: ALL
Explanation:
%adminops → Applies to all users in the adminops group.
ALL=(ALL) → Grants full administrative privileges.
NOPASSWD: ALL → Allows sudo without requiring a password.
Save and exit the editor (Ctrl+X, then Y and Enter).
Step 2: Create the adminops Group and Add Users
Create the group if it doesn't already exist:
[root@node1 ~]# groupadd adminops
Add users (alex, jordan, sam) to the group:
[root@node1 ~]# usermod -aG adminops alex
[root@node1 ~]# usermod -aG adminops jordan
[root@node1 ~]# usermod -aG adminops sam
Explanation:
-aG → Appends the user to an additional group (adminops).
Verify group membership:
[root@node1 ~]# id alex
Expected Output:
uid=1002(alex) gid=1002(alex) groups=1002(alex),1003(adminops)
If adminops appears, the user is successfully added.
Step 3: Verify Passwordless Sudo Access
Switch to a user in the adminops group:
[root@node1 ~]# su - alex
Run a privileged command using sudo:
[alex@node1 ~]$ sudo cat /etc/shadow
Expected Output:
root:$6$abcdefg123$xyzhashedpassword:18793:0:99999:7:::
...
If the command executes without prompting for a password, the setup is successful!
Step 4: Troubleshooting & Validation
If prompted for a password, recheck the sudoers file:
[root@node1 ~]# cat /etc/sudoers | grep adminops
Ensure the line is correctly formatted:
%adminops ALL=(ALL) NOPASSWD: ALL
If a user is denied sudo access, check their group membership:
[root@node1 ~]# id alex
Reboot the system and confirm the settings persist after restart:
[root@node1 ~]# reboot
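Added example (not part of the original lab): a small audit script that lists which accounts end up with passwordless root through rules like the %adminops line above, by resolving each flagged group against a group file. The function names nopasswd_principals and nopasswd_users are hypothetical, the sample sudoers and group contents are constructed, and the script assumes memberships are listed in the group file (as usermod -aG records them) and does not follow sudoers include directories.

```shell
#!/bin/sh
# Print each principal (user or %group) whose rule grants "NOPASSWD: ALL".
nopasswd_principals() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, #include lines, blanks
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next } # not user specifications
        { line = $0 " " }                           # pad so ALL at end of line matches
        line ~ /NOPASSWD:[ \t]*ALL[ \t,]/ { print $1 }
    ' "$1"
}

# Resolve flagged principals to user names using a group file in /etc/group format.
nopasswd_users() {
    sudoers=$1
    groups=$2
    nopasswd_principals "$sudoers" | while read -r p; do
        case $p in
            %*) awk -F: -v g="${p#%}" '
                    $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
                ' "$groups" ;;
            *)  printf '%s\n' "$p" ;;
        esac
    done | sort -u
}

# Constructed sample data mirroring this lab; the backup rule is an invented
# contrast case that is limited to one command and must not be flagged.
demo() {
    d=$(mktemp -d)
    cat > "$d/sudoers" <<'EOF'
## Allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
%adminops ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
    cat > "$d/group" <<'EOF'
wheel:x:10:root
adminops:x:1003:alex,jordan,sam
EOF
    nopasswd_users "$d/sudoers" "$d/group"
    rm -rf "$d"
}
demo
```

On a real system, run nopasswd_users /etc/sudoers /etc/group as root and review every name it prints, since each one can become root without re-entering a password.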
Final Summary
- Configured passwordless sudo access for the adminops group
- Added specific users (alex, jordan, sam) to the group
- Verified that users can run sudo commands without a password
- Ensured changes persist across reboots