
How To Add and Delete Users on a CentOS 7 Server


Introduction

When you first start using a fresh Linux server, adding and removing users is often one of the first things you’ll need to do. In this guide, you will learn how to create user accounts, assign sudo privileges, and delete users on a CentOS 7 server.

Prerequisites

To complete this tutorial, you will need:

  • A CentOS 7 server with a non-root sudo-enabled user. If you are logged in as root instead, you can drop the sudo portion of all the following commands. For guidance, please see our tutorial Initial Server Setup with CentOS 7.

Adding Users

Throughout this tutorial we will be working with the user sammy. Substitute the username of your choice.

You can add a new user by typing:

sudo adduser sammy

Next, you’ll need to give your user a password so that they can log in. To do so, use the passwd command:

sudo passwd sammy

You will be prompted to type in the password twice to confirm it. Now your new user is set up and ready for use! You can now log in as that user, using the password that you set up.

Note: if your SSH server disallows password-based authentication, you will not yet be able to connect with your new username. Details on setting up key-based SSH authentication for the new user can be found in step 4 of Initial Server Setup with CentOS 7.

Granting Sudo Privileges to a User

If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give the new user access to sudo.

We can do this by adding the user to the wheel group (which gives sudo access to all of its members by default).

To do this, use the usermod command:

sudo usermod -aG wheel sammy

Now your new user is able to execute commands with administrative privileges (if they are already logged in, the new group membership takes effect at their next login). To do so, type sudo ahead of the command that you want to execute as an administrator:

sudo some_command

You will be prompted to enter the password of your user account (not the root password). Once the correct password has been submitted, the command you entered will be executed with root privileges.

Managing Users with Sudo Privileges

To see which users are part of the wheel group (and thus have sudo), you can use the lid command. lid is normally used to show which groups a user belongs to, but with the -g flag, you can reverse it and show which users belong to a group:

sudo lid -g wheel
Output
sammy(uid=1001)

The output will show you the usernames and UIDs that are associated with the group. This is a good way of confirming that your previous commands were successful, and that the user has the privileges that they need.
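A cross-check that reads the account files directly and compares the result with an approved list, as an added example (not part of the original tutorial). It assumes local accounts in passwd and group files only; the accounts deploy and backup and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: enumerate group members from local account files.

# group_members GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints "name(uid=N)" for each account that has GROUP as a supplementary
# group (listed in the group file) or as its primary GID (passwd field 4).
group_members() {
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {                 # group file: name:x:gid:members
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") listed[m[i]] = 1
            }
            next
        }
        ($1 in listed) || (gid != "" && $4 == gid) {   # passwd file
            printf "%s(uid=%s)\n", $1, $3
        }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# unexpected_members GROUP PASSWD_FILE GROUP_FILE APPROVED_NAME...
# Prints members that are not on the approved list; exit status 1 if any.
# The body is a subshell so its variables do not leak into the caller.
unexpected_members() (
    grp=$1 pw=$2 gf=$3; shift 3
    extra=$(group_members "$grp" "$pw" "$gf" | awk -v ok=" $* " '
        { name = $0; sub(/\(.*/, "", name) }
        index(ok, " " name " ") == 0')
    [ -z "$extra" ] && exit 0
    printf '%s\n' "$extra"
    exit 1
)

# Constructed sample files; deploy and backup are hypothetical accounts.
write_sample() {
    printf '%s\n' 'root:x:0:' 'wheel:x:10:sammy,deploy' \
        'developers:x:1005:sammy' > "$1/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'sammy:x:1001:1001::/home/sammy:/bin/bash' \
        'deploy:x:1002:1002::/home/deploy:/bin/bash' \
        'backup:x:1003:10::/home/backup:/bin/bash' > "$1/passwd"
}

d=$(mktemp -d) && write_sample "$d"
unexpected_members wheel "$d/passwd" "$d/group" sammy || echo "review the accounts listed above"
rm -rf "$d"
```

In the sample, backup never appears in the wheel member list but still belongs to the group through its primary GID, which is why the passwd file is read as well.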

Deleting Users

If you have a user account that you no longer need, it’s best to delete the old account.

If you want to delete the user without deleting any of their files, type:

sudo userdel sammy

If you want to delete the user’s home directory along with the user account itself, type:

sudo userdel -r sammy

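With either command, the user will automatically be removed from any groups that they were added to, including the wheel group if they were given sudo privileges. If you later add another user with the same name, they will have to be added to the wheel group again to gain sudo access. Files left behind when you omit -r remain owned by the deleted account's numeric UID, so review them before that UID is assigned to a new account.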

Conclusion

You should now have a good grasp of how to add and remove users from your CentOS 7 server. Effective user management will allow you to separate users and give them only the access that is needed for them to do their job. You can now move on to configuring your CentOS 7 server for whatever software you need, such as a LAMP or LEMP web stack.

For more information about how to configure sudo, check out our guide on how to edit the sudoers file.


About the authors
Tony Tran

author



5 Comments



KFSys
Site Moderator
November 5, 2024

Here is some info on sudoers and how to use it, why to use it and so on.

The sudoers file in Linux defines which users and groups have sudo privileges, specifying who can execute commands as the root user or another specified user. This file allows system administrators to control permissions and can be configured to include specific settings like passwordless sudo access and custom rules for commands.

Here’s a breakdown of the sudoers file, its usage, and customization options:

1. The Basics of sudoers Access

The main sudoers file is located at /etc/sudoers, and it’s edited using the visudo command:

visudo

Using visudo is recommended because it locks the file during editing and performs a syntax check, preventing configuration errors that could block sudo access.

In sudoers, each line defines rules with this structure:

<user_or_group> <host> = (<run_as_user>) <command>
  • <user_or_group>: Specifies the user (like username) or group (%groupname) to give sudo access.
  • <host>: Defines the host on which this rule applies (usually ALL).
  • <run_as_user>: Specifies the user as whom commands will run (often ALL to allow any user).
  • <command>: Defines allowed commands. Setting this to ALL allows any command.

Example

To grant sudo access to a user admin, the rule would look like:

admin ALL=(ALL) ALL

This allows admin to run any command as any user on any host.

2. Using sudoers.d for Modular Configuration

Rather than editing the main /etc/sudoers file directly, you can place configuration files in the /etc/sudoers.d directory. Files in this directory are loaded along with /etc/sudoers, which makes managing permissions easier and safer.

  1. Create a File in /etc/sudoers.d:
sudo visudo -f /etc/sudoers.d/username
  2. Add Rules in the New File:
username ALL=(ALL) ALL

Each file in /etc/sudoers.d should have only the specific rules you want to add or override. This approach is useful in multi-user or automated environments where different teams may need distinct permissions.

3. Granting Passwordless sudo Access

By default, users are prompted for a password when running a command with sudo. To allow passwordless sudo, add the NOPASSWD directive:

username ALL=(ALL) NOPASSWD: ALL

This allows username to execute any command without entering a password.

Limiting Passwordless Commands

You can restrict passwordless access to specific commands. For example, if you want username to restart the web server without a password:

username ALL=(ALL) NOPASSWD: /usr/sbin/service apache2 restart

This rule only applies to /usr/sbin/service apache2 restart and still requires a password for other commands.

4. Common sudoers Examples

Here are a few configurations you might find useful:

  • Granting Group Access: Use %groupname to apply rules to all users in a group. For example, to allow users in the developers group to run any command:
%developers ALL=(ALL) ALL

  • Limiting Commands for Security: Restrict access to specific administrative commands without allowing unrestricted sudo access:
username ALL=(ALL) /bin/systemctl restart nginx, /bin/systemctl restart apache2

  • Combining NOPASSWD with Limited Commands: For a safer setup, allow passwordless access only to a few commands:
username ALL=(ALL) NOPASSWD: /usr/sbin/reboot, /usr/sbin/poweroff

5. Testing and Verifying sudoers Configuration

After adding or modifying sudoers rules, it’s a good idea to test them by switching to the user and running a test command:

sudo -l

The sudo -l command lists available sudo privileges for the current user, helping verify that the configuration works as expected.

By using sudoers.d for modular rule management, NOPASSWD for controlled passwordless access, and group-based permissions, you can securely configure sudo privileges tailored to each user or team’s needs.
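The rule forms listed in the comment above can be checked mechanically before a fragment is installed; the following is an added example, not part of the comment or of sudo itself. It assumes single-line rules of the form shown there and skips aliases, Defaults and include lines; the function names and the accounts ci, ops and web are hypothetical.

```sh
#!/bin/sh
# Added example: classify sudoers rules of the single-line form
#   <user_or_group> <host> = (<run_as_user>) [NOPASSWD:] <command>[, <command>...]
# Aliases, Defaults, includes and continuation lines are skipped, not interpreted.

# classify_sudoers FILE -> "<level><TAB><who><TAB><commands>" per rule
classify_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments, #include*, blanks
        /^[ \t]*(@include|Defaults|[A-Za-z]+_Alias)/ { next }
        !/=/ { next }
        {
            who = $1; spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # drop "<who> <host> ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(<run_as_user>)"
            nopw = sub(/^NOPASSWD:[ \t]*/, "", spec)
            sub(/[ \t]+$/, "", spec)
            all = 0
            n = split(spec, cmd, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (cmd[i] == "ALL") all = 1
            if (nopw && all)  level = "nopasswd-all"
            else if (all)     level = "all"
            else if (nopw)    level = "nopasswd-limited"
            else              level = "limited"
            print level "\t" who "\t" spec
        }
    ' "$1"
}

# check_sudoers FILE: print and fail on rules that allow every command
# without a password. Run it next to "visudo -cf FILE" before installing
# a fragment into /etc/sudoers.d.
check_sudoers() {
    if classify_sudoers "$1" | grep '^nopasswd-all'; then return 1; fi
}

# Constructed sample; ci, ops and web are hypothetical account names.
write_sample_rules() {
    cat > "$1" <<'EOF'
Defaults env_reset
%developers ALL=(ALL) ALL
ci ALL=(ALL) NOPASSWD: ALL
ops ALL=(ALL) NOPASSWD: /usr/sbin/reboot, /usr/sbin/poweroff
web ALL=(ALL) /bin/systemctl restart nginx, /bin/systemctl restart apache2
EOF
}

f=$(mktemp) && write_sample_rules "$f"
classify_sudoers "$f"
check_sudoers "$f" >/dev/null || echo "FAIL: a rule grants every command without a password"
rm -f "$f"
```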

Tiny nit-pick, but on CentOS systems adduser is just a symlink to useradd:

# file $(which adduser)
/sbin/adduser: symbolic link to `useradd'

And various Debian-based distros have a custom script for adduser which behaves entirely differently to useradd:

# file $(which adduser)
/usr/sbin/adduser: a /usr/bin/perl script, ASCII text executable

So I always try and use useradd to keep things as consistent as possible. Does anybody else find the same thing?

This guide got me 90% of the way to adding a user with sudo privileges on the default CentOS 6.6 install. I know the article is for CentOS 7, but all I had to do to get my created user sudo access was:

visudo
...
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL <--- UNCOMMENT THIS LINE

Thank you! This was very helpful to resolve the issue that I had.

I get this when I try to use sudo with the created user :(

sudo: effective uid is not 0, is sudo installed setuid root?

I can see the user when I run sudo lid -g wheel and it has UID=1000
