Performing server administration as a non-root user is a best practice. For security, your first task when deploying a FreeBSD instance at Vultr is to create a non-root user with sudo access. This guide applies to the following versions:
You can install
sudo from the Ports Collection if it's installed on your system. To install sudo from ports:
# cd /usr/ports/security/sudo/ # make install clean
You can also install the binary
sudo package using pkg:
# pkg install sudo
Create a new user account for use with sudo:
Answer the questions in the dialog to create the user. We'll use example_user in this guide.
The wheel group limits who can use
su to become root.
# pw group mod wheel -m example_user
Check the sudoers file with
Look for the wheel group. Remove the comment if the line is disabled. It should look like this when you are ready to save the file.
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
Save and exit vi. Type ESC, then :WQ, then ENTER.
Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you'll see this when exiting visudo.
visudo: >>> /etc/sudoers: syntax error near line 64 <<< What now? Options are: (e)dit sudoers file again e(x)it without saving changes to sudoers file (Q)uit and save changes to sudoers file (DANGER!)
Switch to the new user.
# su - example_user
Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.
$ whoami example_user $ sudo whoami [sudo] password for example_user: root
The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.