tutorials questions & answers
by

Enabling sudo for your user on Ubuntu 17.04 and CentOS 7.4

TAGS:
  • ubuntu
  • centos
  • sudo
  • security
  • setup

Introduction

Accessing your VPS server directly with a root user is considered to be an unsecure method. If you work from the root user all the time, you can easily make a small mistake and render hours ( if not all ) of your work useless. The preferred method of working with your server is setting up an unpriveleged user + setting up sudo for it, so you generally monitor and work with your server using non-priveleged access and only execute specific commands with a super user access, or sudo. Sudo means "substitute user and do", so basically it allows your user to execute a command from another user. By default sudo is running commands from root user, however you may use it to run command from another unpriveleged user as well. Default configuration file for sudo is /etc/sudoers Many systems approach a more secure control mechanism, by letting only an unpriveleged user to login, and, then, running commands, requiring priveleged access by executing sudo.

simple usage

yum is a good example of command, that is executed from a priveleged user. to install mc package with a priveleged access simply run

sudo yum install mc

You will be prompted to enter password ( if passwordless sudo is not set up ), and command will be executed by root user. You can also edit the file, accessible only by root, with the help of sudo, for example

sudo vi /etc/resolv.conf

Prerequisites

1) Centos or Ubuntu Linux system 2) Basic knowledge of Linux commands and file editing

Ubuntu 17.04

Ubuntu system out of the box, allows sudo for all users in sudo group. To confirm you may simply run

cat /etc/sudoers |grep %sudo

and see the following string. ubuntusudo1

Let's create an unpriveleged user

run useradd <yourusername>

for test purposes i'll user a name "vpsuser", replace it with whatever you want after creation of the user, setup a password for it.

passwd <yourusername>

ubuntusudo2 add your user to sudo group with the command

usermod -a -G sudo <username>

ubuntusudo3 Now, if you were previously logged in with that user in the other windows, you need to relogin with it, to have changes applied. test that sudo is working

   sudo su -

enter your password and you should be logged in as root user ubuntusudo4 By default sudo is enabled with a password for your user, if you want to setup a passwordless sudo access, just edit /etc/sudoers so that string, starting with %sudo looks like

cat /etc/sudoers |grep %sudo
%sudo   ALL=(ALL) NOPASSWD: ALL

ubuntusudo5 Now you can use sudo without a password ubuntusudo6 Warning: I do not recommed enabling access to sudo without a password

Centos 7.4

Process is Centos is very similar to Ubuntu with a minor differencies. By default Centos systems allow sudo access to user in wheel group. To confirm it run

cat /etc/sudoers |grep %wheel

centossudo1 create an unpriveleged user

useradd <username>

for test purposes i'll use a name "vpsuser", replace it with whatever you want After creation of user, change password for it

passwd <username>

centossudo2

Add user to %wheel group

usermod -a -G wheel <username>

centossudo3 If you were previously logged in with that user, relogin with it, so that settings are applied Check that sudo is available for that user. run sudo su - and enter user password on demand. By default password is required, to enable password-less access ( which is not recommended ), edit /etc/sudoers so that %wheel string looks like this

cat /etc/sudoers |grep %wheel

centossudo4 You can also instead of previous step just uncomment

%wheel        ALL=(ALL)       NOPASSWD: ALL string

and comment

wheel        ALL=(ALL)       ALL

Warning: I do not recommed enabling access to sudo without a password

Conclusion

Now you know how to setup a sudo for your user on Centos and Ubuntu and run your commands using sudo. Consider this a safer option, compared to always working as root user, and better spend a couple of minutes to setup an unpriveleged user and sudo for it.

comments (0)

    leave comment

    Please choose login or register to comment in this thread.

    Start now for as low as $5 a month!

    • 8 Characters
    • 1 Uppercase Atleast
    • 1 Number Atleast