How to remove sudo privileges from a user in CentOS 7?

Question

I have root and one other user on my CentOS machine. With other user i can use sudo to perform most of the administrative tasks. Now, I want to take this privilege from this user, So that it can not use sudo anymore.

Does anyone have an idea how to implement that?

Answer 1

You can use the below command:

gpasswd -d UserName wheel

after that you can see the below output:

Removing user UserName from group wheel

The above command will delete the user called "UserName" from the "wheel" group. Please note that the user is not entirely deleted from the system. We removed the sudo privileges only.

Now, you can check that the UserName can't perform a sudo operation with the below command:

sudo -l -U UserName

So, if you see the below output then you could take sudo privileges from "UserName":

User UserName is not allowed to run sudo on centos

Answer 2

One way to achieve that on Centos is by performing the following 2 steps:

1. Firstly, you have to remove any mention of the aforementioned user (the one for which you do not want any sudo privileges) from the /etc/sudoers file or (if it exists) from any file under the /etc/sudoers.d path.
2. Secondly, you must remove the user from the wheel group in /etc/group.
3. (Optional) Finally reboot.

e.g.:

• For user centos sudo vim /etc/sudoers or sudo vim /etc/sudoers.d/90-cloud-init-users and remove or comment something like centos ALL=(ALL) NOPASSWD:ALL (save and quit afterwards).
• Then sudo vim /etc/group and change the line wheel:x:10:centos to wheel:x:10: (save and quit afterwards).
• (Optional) Finally sudo reboot.

Hope that helps!