Introduction
When you create a new Linux server, you will first use the root user. The root user is an administrative Linux user with the highest privileges. When you use it, you can make any changes, even very destructive changes.
Due to its highest privileges and account availability in all Linux OS, the root account is one of the main attack targets. Because of that, it's discouraged to use the root account regularly.
This tutorial will explain what is a sudo user, how to create a normal user, and make it a sudo user for regular use.
What is a Sudo User?
A sudo (short for "superuser do") is a command that allows a normal user to execute administrative tasks, such as:
- Install and delete application
- Change OS and application config
- Grant users or groups of users the ability to run certain commands
- so on.
If something breaks, you can find all commands and arguments executed using sudo in /var/log/auth.log
.
A sudo user is a normal user that can execute a sudo command. To do this, you must add the normal user to the sudo system group.
Prerequisites
To follow along with this tutorial, you will need:
- A Linux server with root access.
Once you have this, log in to the server using SSH as root.
Conventions
For consistency, this tutorial uses the following conventions:
- This tutorial will create a new user called syam, but you should replace that with your real username.
- Command beginning with
#
is executed by root. - Command beginning with
$
is executed by a normal or sudo user.
When you create a user, Linux will ask for a password. Follow these tips to create a secure password.
- Use a combination of numbers, uppercase, lowercase, and symbol
- Password is at least 16 characters in length
- Use a password manager to generate a long random password and save it.
- Use unique password
Create a Sudo User on Debian & Ubuntu
You can add a new user in Debian & Ubuntu OS using the below command:
# adduser syam
You will be asked a few questions, such as password, full name, room number, and so on. Enter a strong password. The rest of the questions are optional, you can fill in any additional information that you like. You can skip any question by pressing the ENTER button.
Now, you have a new user account with regular privileges. This account cannot run administrative tasks as the root user yet. To do it, you can change your new user account into a superuser by giving it root privileges. These privileges will allow your new user account to run the administrative task by putting the word sudo
before the command.
To change your new user account into a superuser, run the below command as root (substitute the username syam with your actual user account):
# usermod -aG sudo syam
You can now run administrative commands using your new user account. To verify it, switch to your new user.
# su syam
After that, try to run administrative tasks such as updating your package repository. Type your password (for security reasons, your server won't show anything when you type it). Once done, press ENTER
.
$ sudo apt update
Create a Sudo User on FreeBSD
Once you're logged in as root, you need to install sudo
because
The new FreeBSD server comes with minimal requirements for it to operate. Before you can use the sudo
command, you need to install it. You can install sudo
from the port collection.
# cd /usr/ports/security/sudo/
# make install clean
Alternatively, you can install the sudo
package using pkg. If pkg is not installed, FreeBSD will ask for permission to install it. Press y and then ENTER to install it.
# pkg install sudo
After that, create a new user using the below command. Remember to change syam with your actual user.
# adduser syam
Answer all the questions asked. Remember to type in a strong password. Besides the password, all the questions are optional. You can skip it by pressing the ENTER button.
Next, add the user you just created to the wheel group. This group limits who can use sudo
to become root.
# pw group mod wheel -m syam
Once done, you need to edit the sudoers file. Since it's a core file, always use visudo
when you edit it. The visudo
utility will check and warn you if there's an error in the sudoers file before saving it.
# visudo
Never edit
/etc/sudoers
directly because errors in the sudoers file can break your system. Always usevisudo
to do it. Thevisudo
utility will do syntax checking and inform you if there's any error before saving your changes to the sudoers file.
After that, look for the wheel group. Remove the #
to enable it. It should look like this after you remove the #
.
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
To exit vi, press ESC, then followed by :wq
, then press ENTER.
Finally, switch to the sudo user you just created.
su - syam
Try to run administrative tasks using the sudo user.
sudo pkg update
Create a Sudo User on Rocky Linux
Coming soon ...
Top comments (0)