RHCSA Practical Lab Series – Configuring Passwordless Sudo Access

Expertise in Cloud, Networking & DevOps
Photo by Markus Spiske / Unsplash

πŸ” Lab 15: Granting a User Group Sudo Privileges Without a Password

πŸ“Œ Objective

In this lab, you will:

βœ” Allow members of a specific user group (adminops) to use sudo without a password
βœ” Modify the sudoers file using visudo
βœ” Verify that the configuration works correctly


πŸ“Œ Step 1: Open and Edit the sudoers File

πŸ”Ή Launch the visudo editor to safely edit sudo configurations:

[root@node1 ~]# visudo

πŸ“Œ Why use visudo?

  • It prevents syntax errors that could lock you out of administrative access.
  • It validates changes before applying them.

βœ… Locate the following line in the editor:

## Allow members of group wheel to execute any command
%wheel  ALL=(ALL)       ALL

πŸ”Ή Add a new line to grant passwordless sudo access to adminops:

%adminops  ALL=(ALL)  NOPASSWD: ALL

πŸ“Œ Explanation:

  • %adminops β†’ Applies to all users in the adminops group.
  • ALL=(ALL) β†’ Grants full administrative privileges.
  • NOPASSWD: ALL β†’ Allows sudo without requiring a password.

βœ… Save and exit the editor (Ctrl+X, then Y and Enter).


πŸ“Œ Step 2: Create the adminops Group and Add Users

πŸ”Ή Create the group if it doesn't already exist:

[root@node1 ~]# groupadd adminops

πŸ”Ή Add users (alex, jordan, sam) to the group:

[root@node1 ~]# usermod -aG adminops alex
[root@node1 ~]# usermod -aG adminops jordan
[root@node1 ~]# usermod -aG adminops sam

πŸ“Œ Explanation:

  • -aG β†’ Appends the user to an additional group (adminops).

βœ… Verify group membership:

[root@node1 ~]# id alex

πŸ”Ή Expected Output:

uid=1002(alex) gid=1002(alex) groups=1002(alex),1003(adminops)

βœ… If adminops appears, the user is successfully added.


πŸ“Œ Step 3: Verify Passwordless Sudo Access

πŸ”Ή Switch to a user in the adminops group:

[root@node1 ~]# su - alex

πŸ”Ή Run a privileged command using sudo:

[alex@node1 ~]$ sudo cat /etc/shadow

πŸ“Œ Expected Output:

root:$6$abcdefg123$xyzhashedpassword:18793:0:99999:7:::
...

βœ… If the command executes without prompting for a password, the setup is successful!


πŸ“Œ Step 4: Troubleshooting & Validation

πŸ”Ή If prompted for a password, recheck the sudoers file:

[root@node1 ~]# cat /etc/sudoers | grep adminops

πŸ”Ή Ensure the line is correctly formatted:

%adminops  ALL=(ALL)  NOPASSWD: ALL

πŸ”Ή If a user is denied sudo access, check their group membership:

[root@node1 ~]# id alex

βœ… Reboot the system and confirm the settings persist after restart:

[root@node1 ~]# reboot

βœ… Final Summary

βœ” Configured passwordless sudo access for the adminops group
βœ” Added specific users (alex, jordan, sam) to the group
βœ” Verified that users can run sudo commands without a password
βœ” Ensured changes persist across reboots


πŸ“Œ Next Lab: Resetting the Root Password in RHEL 9

πŸ“© Subscribe for more RHCSA exam labs and hands-on tutorials! πŸš€


Read more