The interesting thing about your sudoers file is that you can edit it in a few different ways. Like say the difference between the Arch way and the Ubuntu way. Editing the sudoers file itself or using a command to do so, the job is rather painless. The importance of who has sudo privileges can really leave a system vulnerable. Be it from an inexperienced user or an outside threat model. You need to make sure you never add anyone to the list that does not need to have root privileges on your system. you may also want to edit what a user group can do. Meaning, you could have junior admins run a less privileged user than the senor admin. This is also something to keep in mind when running a distribution in a business setting.
So we will add users to the sudoers file in the Arch way and then the Ubuntu way. Then we will cover a few scenarios in which different degrees of privileges are needed. You don’t want every user to be able to edit the look and feel of the system.
The Arch community and similar communities, like Debian, will be able to use this section as your guide. You can decide if you want to use the wheel group or a group of your choosing. We have gone over this before in 5 Things to do IMMEDIATELY After Installing Arch Linux, which can be found here. We will go over something similar here to give you a few ways to edit the sudoers file. Make sure you are root for this, or you will need a user that already has sudo privileges.
useradd –mg wheel linux
Now we have added Linux to the users, while using the -mg switches to make the home directory as well as adding the Linux user to wheel group. We’ll need to edit our sudoers file to allow for Linux, the user, to make commands. You are welcome to use any editors you are accustomed to. For the sake of speed, we will use one that often is already pre-installed, vi.
This is where we differ from the mentioned blog. Since there is more than one way to do this. Though the command is different, the results are very similar. As we have access to the same sudoers file in which we need to edit.
As seen in the image, we are giving the wheel group or the group of your choice sudo/root execution capabilities. This will give the users in this group, Linux in this case, the ability to update the system or edit configuration files as needed. Now, let’s make sure to create a password for said user.
Now our user will work as expected. You may also want to edit what groups are able to do so that the privileges are appropriate for the user group itself.
Ubuntu, the company that wants to be proprietary and yet open source all at the same time. Their way of doing things is different. Somewhat user-friendly, but confusing if you like systems to have basic similarities, like the previous section. Love them or hate them, this is how you would do this on Ubuntu. Again, you will want to be root for this to work correctly.
We have added the user along with the home directories. We will want to add Linux the user to the sudo group now.
usermod -aG sudo linux
That is all that you need to do to add your user to the sudo group in this case. But we will show you how to do this manually as well. That way, you can know the tools that are needed to make a more detailed user privilege decision.
sudo nano /etc/sudoers
Now you can see the sudoers file, much the same as the previous section. Using nano to edit the file this time because tools are good to know. Here, you will notice there is no wheel group section. You can add a junior admin, a level appropriate to their experience. Let us know in the comments if you would like a blog about groups. Once you have added your user to the admin group, you can hit Ctrl o and enter to write to the file, then Ctrl x to exit the file. Now it is always good to add a password just as a good habit here. So, let us do that as before.
Now the Linux user should be able to use any command with the added warning of privilege elevation and a password prompt every time. You can make this password-less, but it really is not recommended.
The reason for privilege elevation, if it is not obvious by now, is to make sure no program can be run without the permission of the system admin, or owner of the system. These commands work on servers and desktops alike. So you can share that deployment server with a friend and never get your accounts or users mixed up. Always only giving needed privileges to applications and users. Linux is hard to hack because of the way the system is implemented.
This also means that you can share a computer with work colleagues or family without having to worry about settings being changed or other issues that can happen again from too much privilege. As you would not want your children to have root privileges. My 2 your old can already boot a phone into safe mode to flash it, with no training. We don’t want her owning my system by the time she is 5. For the most part, users don’t need to have these privileges. So they will probably never ask. For updates, we would recommend that you check our blog on Keeping Arch Linux Shiny with Automatic Updates using SystemD which can be found here. We go over how to update Arch using SystemD timers. All you need to do is add your system package manager commands to the scripts to adapt it to work on something other than Arch. Thanks for reading.