Create a Sudo User on OpenBSD
source link: https://www.vultr.com/docs/create-a-sudo-user-on-openbsd
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Using a Different System?
- Create a Sudo User on Ubuntu
- Create a Sudo User on CentOS
- Create a Sudo User on Fedora
- How to Use Sudo on Debian, CentOS, and FreeBSD
- Create a Sudo User on FreeBSD
- Create a Sudo User on Arch Linux
- Create a Sudo User on AlmaLinux
- Create a Sudo User on VzLinux
- Create a Sudo User on Rocky Linux
- Create a Sudo User on Debian
Introduction
Performing server administration as a non-root user is a best practice. For security, your first task when deploying a Fedora instance at Vultr is to create a non-root user with sudo access. This guide applies to the following versions:
- OpenBSD 6.6
- OpenBSD 6.7
Please see Introduction to doas on OpenBSD if you prefer to use doas
instead of sudo
.
1. Install Sudo
Install the binary sudo
package. Choose option 1 unless you know why you need another package.
# pkg_add sudo
quirks-3.187 signed on 2020-05-19T14:41:48Z
Ambiguous: choose package for sudo
a 0: <None>
1: sudo-1.8.31
2: sudo-1.8.31-gettext
3: sudo-1.8.31-gettext-ldap
Your choice: 1
sudo-1.8.31: ok
2. Add the Sudo User
Create a new user account for use with sudo, and set the password.
# useradd -m example_user
# passwd example_user
Changing password for example_user.
New password:
Retype new password:
3. Add User to the Wheel Group
The wheel group limits who can use su
to become root.
# user mod -G wheel example_user
4. Edit Sudoers File
Check the sudoers file with visudo
.
# visudo
Look for the wheel group. Remove the comment if the line is disabled. It should look like this when you are ready to save the file.
# Uncomment to allow people in group wheel to run all commands
# and set environment variables.
%wheel ALL=(ALL) SETENV: ALL
Save and exit vi. Type ESC, then :WQ, then ENTER.
Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you'll see this when exiting visudo.
visudo: >>> /etc/sudoers: syntax error near line 64 <<<
What now?
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
5. Test
Switch to the new user.
# su - example_user
Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.
$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root
Conclusion
The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.
Want to contribute?
You could earn up to $600 by adding new articles
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK