Setting up the normal user account on Debian GNU/Linux to use sudo.

Setting up the normal user account on Debian GNU/Linux to use sudo

Setting up your normal user account on Debian to use the sudo command instead of the su command is very simple.

This is the contents of my /etc/sudoers file. This line:

neo ALL=(ALL:ALL) ALL

Is the one that defines our normal user as part of the sudoers file. This string will allow the user to execute commands with root privileges, but will ask for the users password before the access is granted. That is how Ubuntu is set up and that is the best way to use the sudo command. You can set this up to not ask for a password when you run the sudo command, but that is a very bad idea. The below line illustrates how this is achieved, but I would not do this, you could accidentally run a command as sudo and it would run without prompting you.

neo ALL = NOPASSWD: ALL
</code>
 
The man sudoers command will display a huge amount of information about the sudoers file and how to write one. The <strong>visudo</strong> command is there so that the <strong>/etc/sudoers</strong> file may be verified before it is committed back to disk after editing. NEVER edit this file directly! If you make a mistake you could lock out the root user and then you would need to recover your system. Booting from a live CD and fixing the file that way would work, best to use the <strong>visudo</strong> command and study the <strong>/etc/sudoers</strong> manual page to learn the proper syntax, then you will have no problems with setting up your users. There are ways to allow certain users to access some parts of your system that are necessary for their work whilst locking them out of others. This is a very powerful system, allowing certain users to access some devices attached to the system like printers and others having other privileges. That is why Linux is so flexible.
 
<pre lang="bash">
neo@deusexmachina:/etc$ sudo cat /etc/sudoers
[sudo] password for neo: 
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
# Host alias specification
 
# User alias specification
 
# Cmnd alias specification
 
# User privilege specification
root	ALL=(ALL:ALL) ALL
 
# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL
neo	ALL=(ALL:ALL) ALL
 
# See sudoers(5) for more information on "#include" directives:
 
#includedir /etc/sudoers.d

No comments have been made. Use this form to start the conversation :)

Leave a Reply