Create a Sudo User on Arch Linux

Last Updated: Wed, Sep 2, 2020
Arch Best Practices

Introduction

Performing server administration as a non-root user is a best practice. For security, your first task when deploying an Arch Linux instance at Vultr is to create a non-root user with sudo access.

Supported Versions

This guide should apply to any recently updated version of Arch Linux.

1. Install sudo

As sudo is not included as part of the base installation, it will need to be installed. If you haven't done an update for a while, remember to update your local repository databases first.

# pacman --sync sudo

2. Add a New User Account

Create a new user account with the useradd tool.

# useradd --create-home example_user

Set a strong password for the new user with the passwd tool.

# passwd example_user

3. Add the User to the Wheel Group

Add the new user to the wheel group with the usermod tool.

# usermod --append --groups wheel example_user

4. Edit Sudoers File

Edit the sudoers file with the visudo tool.

# visudo

Look for the wheel group in the 'User privilege specification' section at the bottom of the file. Remove the comment from the beginning of the line, so this it looks like this:

## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL

Save and exit visudo. Type ESC, then :WQ (lowercase), then ENTER.

📝 Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you'll see this when exiting visudo.

visudo: >>> /etc/sudoers: syntax error near line 64 <<<
What now?
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)

5. Test

Switch to the new user.

# su - example_user

Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.

$ whoami
example_user
$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for example_user:
root

Conclusion

The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.

Want to contribute?

You could earn up to $300 by adding new articles