Configuring sudo Access
- Log in to the system as the
rootuser. - Create a normal user account using the
useraddcommand. Replace USERNAME with the user name that you wish to create.#useraddUSERNAME - Set a password for the new user using the
passwdcommand.#passwdUSERNAME Changing password for user USERNAME. New password: Retype new password: passwd: all authentication tokens updated successfully. - Run the
visudoto edit the/etc/sudoersfile. This file defines the policies applied by thesudocommand.#visudo - Find the lines in the file that grant
sudoaccess to users in the groupwheelwhen enabled.## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL
- Remove the comment character (#) at the start of the second line. This enables the configuration option.
- Save your changes and exit the editor.
- Add the user you created to the
wheelgroup using theusermodcommand.#usermod-aGwheelUSERNAME - Test that the updated configuration allows the user you created to run commands using
sudo.- Use the
suto switch to the new user account that you created.#suUSERNAME- - Use the
groupsto verify that the user is in thewheelgroup.$groupsUSERNAME wheel - Use the
sudocommand to run thewhoamicommand. As this is the first time you have run a command usingsudofrom this user account the banner message will be displayed. You will be also be prompted to enter the password for the user account.$sudowhoamiWe trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for USERNAME: rootThe last line of the output is the user name returned by thewhoamicommand. Ifsudois configured correctly this value will beroot.
You have successfully configured a user with
sudo access. You can now log in to this user account and use sudoto run commands as if you were logged in to the account of the root user.
No comments:
Post a Comment