CentOS Stream 10: Add User Accounts

To add user accounts on CentOS Stream Server, configure like follows.

Add a User

For example, add the centos user:

useradd centos
passwd centos

Changing password for user centos.
New UNIX password:              # input any password you'd like to set
Retype new UNIX password:       # confirm
passwd: all authentication tokens updated successfully.

Switch to Root

If you'd like to switch to root account from a user added above, use the su command:

localhost login: centos         # login username
password:                       # input user password

su -

Password:                       # input root password
[root@localhost ~]#             # just switched to root

Restrict su Command

To limit users who can run su, configure as follows. Only users in the wheel group can run su:

usermod -aG wheel centos

Edit /etc/pam.d/su and uncomment the following line:

vi /etc/pam.d/su

#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
# uncomment the following line
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin
account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         optional        pam_xauth.so

Verify with a user not in the allowed group:

[redhat@localhost ~]$ su -
Password:
su: Permission denied     # denied normally

Remove a User

Remove a user account (only the user account):

userdel centos

Remove a user account and their home directory:

userdel -r centos