How to Fix 'sudo Group Doesn't Exist' Error When Running usermod on CentOS 7: Create Sudo Group Correctly

Table of Contents#

Understanding the 'sudo Group Doesn't Exist' Error
Prerequisites
Step-by-Step Guide to Fix the Error
Troubleshooting Common Issues
Conclusion
References

1. Understanding the 'sudo Group Doesn't Exist' Error#

On Linux systems, sudo privileges are controlled by the /etc/sudoers file, which defines which users or groups can run commands as the root user. While Debian/Ubuntu systems use a sudo group by default (users in this group get sudo access), CentOS 7 (and RHEL, Fedora) uses the wheel group instead.

When you run usermod -aG sudo <username> on CentOS 7, the system throws an error because the sudo group does not exist. This is not a bug—it’s just a distribution-specific convention. However, if you prefer to use a sudo group (e.g., for consistency with other systems), you can manually create it and configure sudo to recognize it.

2. Prerequisites#

Before starting, ensure you have:

A CentOS 7 system (physical or virtual).
Root access: You’ll need to run commands as the root user (either directly or via su -).
Basic familiarity with the Linux terminal.

3. Step-by-Step Guide to Fix the Error#

3.1 Check if the sudo Group Exists#

First, confirm that the sudo group is indeed missing. Run this command as root:

getent group sudo

If the group exists, you’ll see output like:
sudo:x:1001: (the number may vary).
If the group does NOT exist, there will be no output. Proceed to the next steps.

3.2 Install Sudo (If Missing)#

Sudo is preinstalled on most CentOS 7 systems, but if it’s missing (e.g., minimal installations), install it first:

yum install sudo -y

Verify installation with:

sudo --version

You should see output like Sudo version 1.8.23 (version may vary).

3.3 Create the sudo Group#

To create the sudo group, use the groupadd command (run as root):

groupadd sudo

Verify the group was created:

getent group sudo

Output should now show:
sudo:x:1001: (the GID, or group ID, may differ on your system).

3.4 Configure sudoers to Recognize the sudo Group#

Next, you need to edit the /etc/sudoers file to grant privileges to the sudo group. Never edit /etc/sudoers directly—use visudo instead, as it checks for syntax errors before saving (critical for avoiding locked-out sudo access).

Run:

visudo

This opens the sudoers file in the default text editor (usually vi).

Navigating `vi` (for Beginners):#

Press i to enter "insert mode" (to type text).
Use arrow keys to navigate.
When done editing, press Esc to exit insert mode, then type :wq and press Enter to save and quit.

Add the sudo Group to sudoers:#

Look for a line near the bottom of the file that grants privileges to the wheel group (CentOS 7’s default). It may look like this (commented out or active):

## Allows people in group wheel to run all commands
# %wheel  ALL=(ALL)       ALL
 
## Same thing without a password
# %wheel  ALL=(ALL)       NOPASSWD: ALL

Add a new line below the wheel group lines to grant the sudo group full sudo access:

%sudo   ALL=(ALL)   ALL

Breakdown of the line:
- %sudo: Specifies the sudo group (the % denotes a group).
- ALL=(ALL): Allows the group to run commands on any host (ALL) as any user ((ALL)).
- ALL: Allows the group to run any command.

Save and Exit:#

Press Esc, type :wq, and press Enter to save changes. visudo will automatically check for syntax errors—if any, it will prompt you to fix them before exiting.

3.5 Add the User to the sudo Group#

Now, add your target user to the sudo group with usermod. Replace <username> with the actual username:

usermod -aG sudo <username>

The -aG flags:
- -a: Appends the user to the group (avoids removing them from other groups).
- -G: Specifies the group(s) to add the user to.

3.6 Verify Group Membership#

To confirm the user was added to the sudo group, run:

id <username>

Look for groups=...(sudo)... in the output. For example:

uid=1000(john) gid=1000(john) groups=1000(john),1001(sudo)

Alternatively, use:

groups <username>

Output: john : john sudo

3.7 Test Sudo Access#

Finally, test that the user can run commands with sudo.

Switch to the user:
```
su - <username>
```
Run a command with sudo (e.g., check the user ID as root):
```
sudo whoami
```
You’ll be prompted for the user’s password (unless you configured NOPASSWD in sudoers). Enter the password, and you should see:
root

If this works, the sudo group is configured correctly!

4. Troubleshooting#

If sudo still fails after following the steps, check these common issues:

Issue 1: Syntax Error in `/etc/sudoers`#

If you edited sudoers without visudo and introduced a syntax error, sudo will stop working. To fix this:

Log in as root directly (not via sudo).
Run visudo to edit the file and correct the error.

Issue 2: User Not in the sudo Group#

If id <username> doesn’t show sudo, re-run the usermod command:

usermod -aG sudo <username>

Then log out and back in as the user (group memberships update on login).

Issue 3: Sudo Group Not in `sudoers`#

Recheck /etc/sudoers with visudo to ensure the line %sudo ALL=(ALL) ALL exists and is uncommented.

Issue 4: Sudo Not Installed#

If sudo: command not found, reinstall sudo as root:

yum install sudo -y

5. Conclusion#

While CentOS 7 uses the wheel group for sudo access by default, you can easily create and configure a sudo group for consistency with other Linux distributions. By following this guide, you’ve:

Created the sudo group.
Configured sudoers to grant privileges to the sudo group.
Added a user to the sudo group.
Verified sudo access.

This ensures you can use the familiar usermod -aG sudo <username> command without errors.