Enabling Sudo Access for Your User on Ubuntu 17.04 and CentOS 7.4
Overview
Accessing your VPS server directly with a root user is considered an insecure method. Constantly working as the root user increases the risk of making small mistakes that could lead to hours of lost work, if not more.
The recommended approach is to create an unprivileged user and set up sudo for it. This way, you can monitor and interact with your server using non-privileged access most of the time and only execute specific commands with superuser access when necessary. Sudo stands for “substitute user and do,” allowing your user to execute a command from another user. By default, sudo runs commands from the root user, but it can also be configured to run commands from other unprivileged users.
The default configuration file for sudo is /etc/sudoers. Many systems adopt a more secure control mechanism by only allowing an unprivileged user to log in and then running commands that require privileged access through sudo.
Basic Application
`yum` is a good example of a command that is executed with privileged access. To install the `mc` package with privileged access, simply run:
sudo yum install mc
You will be prompted to enter the password (if passwordless sudo is not set up), and the command will be executed by the root user. You can also edit files that are accessible only by root with the help of sudo. For example:
sudo vi /etc/resolv.conf
Requirements
- A Linux system running CentOS or Ubuntu.
- Basic knowledge of Linux commands and file editing.
Ubuntu 17.04
On an Ubuntu system out of the box, sudo access is typically granted to all users in the sudo group. To confirm, you can simply run:
cat /etc/sudoers |grep %sudo
and check for the following string.
Let’s create an unprivileged user.
Run useradd
for test purposes; I’ll use the name “vpsuser.” Replace it with your preferred username after creating the user. Set up a password for it.
passwd
Add your user to the sudo group by using the following command:
usermod -a -G sudo
Now, if you were previously logged in with that user in other terminal windows, you need to re-login to apply the changes. Test that sudo is working:
sudo su -
Enter your password, and you will be logged in as the root user.
By default, sudo is enabled with a password for your user. If you want to set up passwordless sudo access, just edit `/etc/sudoers` so that the string starting with `%sudo` looks like:
cat /etc/sudoers |grep %sudo
%sudo ALL=(ALL) NOPASSWD: ALL
Now you can use sudo without entering a password.
Warning: I do not recommend enabling access to sudo without a password for security reasons. This practice poses potential risks to your system’s integrity and should be avoided unless absolutely necessary.
Centos 7.4
The process on CentOS is very similar to Ubuntu with minor differences. By default, CentOS systems allow sudo access to users in the wheel group. To confirm, run:
cat /etc/sudoers |grep %wheel
Create an unprivileged user:
useradd
For test purposes, I’ll use the name “vpsuser.” Replace it with your preferred username. After creating the user, set a password for it.
passwd
Add the user to the `%wheel` group:
usermod -a -G wheel
If you were previously logged in with that user, relogin with it so that the settings are applied. Check that sudo is available for that user by running `sudo su -` and entering the user password on demand. By default, a password is required. To enable password-less access (which is not recommended for security reasons), edit `/etc/sudoers` so that the `%wheel` string looks like this:
cat /etc/sudoers |grep %wheel
You can also, instead of the previous step, just uncomment the line:
%wheel ALL=(ALL) NOPASSWD: ALL string
and comment:
wheel ALL=(ALL) ALL
Warning: I do not recommend enabling access to sudo without a password for security reasons. This practice poses potential risks to your system’s integrity and should be avoided unless absolutely necessary.
In Summary
Now you know how to set up sudo for your user on both CentOS and Ubuntu, allowing you to run commands with elevated privileges. Consider this a safer option compared to always working as the root user. Take a few minutes to set up an unprivileged user and configure sudo for it, enhancing the security of your system.