Introduction
Performing server administration as a non-root user is a best practice. For security, your first task when deploying a FreeBSD instance at FastyCloud is to create a non-root user with sudo access. This guide applies to the following versions:
- FreeBSD 11
- FreeBSD 12
1. Install Sudo
You can install sudo from the Ports Collection if it’s installed on your system. To install sudo from ports:
# cd /usr/ports/security/sudo/
# make install clean
You can also install the binary sudo package using pkg:
# pkg install sudo
2. Add the Sudo User
Create a new user account for use with sudo:
# adduser
Answer the questions in the dialog to create the user. We’ll use example_user in this guide.
3. Add User to the Wheel Group
The wheel group limits who can use su to become root.
# pw group mod wheel -m example_user
4. Edit Sudoers File
Check the sudoers file with visudo.
# visudo
Look for the wheel group. Remove the comment if the line is disabled. It should look like this when you are ready to save the file.
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Save and exit vi. Type ESC, then :wq, then ENTER.
Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you’ll see this when exiting visudo.
visudo: >>> /etc/sudoers: syntax error near line 64 <<<
What now?
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
5. Test
Switch to the new user.
# su - example_user
Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.
$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root
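The checks from steps 3 to 5 can also be scripted for auditing. The following is an added example, not part of the original guide: the function names are hypothetical, the sample group and sudoers files are constructed, and the parser reads a single file without following include directives.

```shell
#!/bin/sh
# Added example: audit the wheel/sudoers state this guide sets up.

# wheel_rule_state SUDOERS_FILE prints one of:
#   nopasswd  an active %wheel rule skips the password prompt
#   enabled   an active %wheel rule exists (the goal of step 4)
#   disabled  the rule is present only as a comment
#   absent    no %wheel rule at all
wheel_rule_state() {
    awk '
        /^[ \t]*%wheel[ \t]/ {
            if ($0 ~ /NOPASSWD[ \t]*:/) nopasswd = 1; else active = 1
            next
        }
        /^[ \t]*#[ \t]*%wheel[ \t]/ { commented = 1 }
        END {
            if (nopasswd)       print "nopasswd"
            else if (active)    print "enabled"
            else if (commented) print "disabled"
            else                print "absent"
        }' "$1"
}

# wheel_members GROUP_FILE prints the members of wheel, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# can_sudo_via_wheel USER GROUP_FILE SUDOERS_FILE
# Succeeds only if USER is in wheel and the %wheel rule is active.
can_sudo_via_wheel() {
    wheel_members "$2" | grep -Fqx -- "$1" || return 1
    case "$(wheel_rule_state "$3")" in
        enabled|nopasswd) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: sudoers before and after step 4.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'wheel:*:0:root,example_user' 'operator:*:5:root' > "$demo_dir/group"
printf '%s\n' '## Allows people in group wheel' '# %wheel ALL=(ALL) ALL' > "$demo_dir/sudoers.before"
printf '%s\n' '## Allows people in group wheel' '%wheel ALL=(ALL) ALL' > "$demo_dir/sudoers.after"

echo "before step 4: $(wheel_rule_state "$demo_dir/sudoers.before")"
echo "after step 4:  $(wheel_rule_state "$demo_dir/sudoers.after")"
echo "wheel members: $(wheel_members "$demo_dir/group" | tr '\n' ' ')"
```

Pointed at a real group file and sudoers file, the same functions show who currently holds root-equivalent access through wheel and whether the rule has been loosened to NOPASSWD.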
Conclusion
The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.