Create a Sudo User on OpenBSD

Last modified: October 7, 2020
You are here:
Estimated reading time: 1 min

Introduction

Performing server administration as a non-root user is a best practice. For security, your first task when deploying a Fedora instance at FastyClud is to create a non-root user with sudo access. This guide applies to the following versions:

  • OpenBSD 6.6
  • OpenBSD 6.7

1. Install Sudo

Install the binary sudo package. Choose option 1 unless you know why you need another package.

# pkg_add sudo

quirks-3.187 signed on 2020-05-19T14:41:48Z
Ambiguous: choose package for sudo
a       0: <None>
        1: sudo-1.8.31
        2: sudo-1.8.31-gettext
        3: sudo-1.8.31-gettext-ldap
Your choice: 1
sudo-1.8.31: ok

2. Add the Sudo User

Create a new user account for use with sudo, and set the password.

# useradd -m example_user
# passwd example_user
Changing password for example_user.
New password:
Retype new password:

3. Add User to the Wheel Group

The wheel group limits who can use su to become root.

# user mod -G wheel example_user

4. Edit Sudoers File

Check the sudoers file with visudo.

# visudo

Look for the wheel group. Remove the comment if the line is disabled. It should look like this when you are ready to save the file.

# Uncomment to allow people in group wheel to run all commands
# and set environment variables.
%wheel  ALL=(ALL) SETENV: ALL

Save and exit vi. Type ESC, then :WQ, then ENTER.

Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you’ll see this when exiting visudo.

visudo: >>> /etc/sudoers: syntax error near line 64 <<<
What now?
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)

5. Test

Switch to the new user.

# su - example_user

Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.

$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root

Conclusion

The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.

Want to contribute?

Was this article helpful?
Dislike 0
Views: 481