Method 2 – creating an entry in the sudo policy file

Okay, adding users to either the wheel group or the sudo group works great if you're either just working with a single machine or if you're deploying a sudo policy across a network that uses just one of these two admin groups. But what if you want to deploy a sudo policy across a network with a mixed group of both Red Hat and Ubuntu machines? Or what if you don't want to go around to each machine to add users to an admin group? Then, just create an entry in the sudo policy file. You can either create an entry for an inpidual user or create a user alias. If you do sudo visudo on your CentOS virtual machine, you'll see a commented-out example of a user alias:

# User_Alias ADMINS = jsmith, mikem

You can uncomment this line and add your own set of usernames, or you can just add a line with your own user alias. To give members of the user alias full sudo power, add another line that would look like this:

ADMINS ALL=(ALL) ALL

It's also possible to add a visudo entry for just a single user, and you might need to do that under very special circumstances. For example:

frank ALL=(ALL) ALL

But for ease of management, it's best to go with either a user group or a user alias.

The sudo policy file is the /etc/sudoers file. I always hesitate to tell students that because every once in a while I have a student try to edit it in a regular text editor. That doesn't work though, so please don't try it. Always edit sudoers with the command, sudo visudo.