Date: 2020-07-30

Introduction

Performing server administration as a non-root user is a best practice. For security, your first task when deploying a Fedora instance at Vultr is to create a non-root user with sudo access. This guide applies to the following versions:

FreeBSD 11

FreeBSD 12

1. Install Sudo

You can install sudo from the Ports Collection if it's installed on your system. To install sudo from ports:

# cd /usr/ports/security/sudo/
# make install clean

You can also install the binary sudo package using pkg:

# pkg install sudo

2. Add the Sudo User

Create a new user account for use with sudo:

# adduser

Answer the questions in the dialog to create the user. We'll use example_user in this guide.

3. Add User to the Wheel Group

The wheel group limits who can use su to become root.

# pw group mod wheel -m example_user

4. Edit Sudoers File

Check the sudoers file with visudo.

# visudo

Look for the wheel group. Remove the comment if the line is disabled. It should look like this when you are ready to save the file:

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

Save and exit vi. Type ESC, then :wq, then ENTER.

Note: The visudo utility performs syntax checking before committing your edits to the file. A malformed sudoers file can break your system. Never edit /etc/sudoers directly. For example, if you make an error, you'll see this when exiting visudo.

visudo: >>> /etc/sudoers: syntax error near line 64 <<<
What now?
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

5. Test

Switch to the new user.

# su - example_user

Verify you are the new user with whoami, then test sudo access with sudo whoami, which should return root.

$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root
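To confirm the result of step 4 without opening an editor, the sketch below reports whether the %wheel rule in a sudoers file is enabled, still commented out, missing, or enabled without a password prompt. It is an added example, not part of the original guide; wheel_rule_state and write_samples are hypothetical helper names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: wheel_rule_state and write_samples are hypothetical helpers.

# Print how the %wheel rule is set in the sudoers file given as $1:
# enabled, enabled-nopasswd, disabled (commented out) or missing.
wheel_rule_state() {
    awk '
        # Strip whitespace so "%wheel  ALL = (ALL)  ALL" still matches.
        { line = $0; gsub(/[ \t]+/, "", line) }
        # sudoers applies the last matching rule, so later lines overwrite state.
        line ~ /^%wheelALL=\(ALL(:ALL)?\)NOPASSWD:ALL$/ { state = "enabled-nopasswd"; next }
        line ~ /^%wheelALL=\(ALL(:ALL)?\)ALL$/          { state = "enabled"; next }
        line ~ /^#+%wheelALL=/                          { commented = 1 }
        END {
            if (state != "")    print state
            else if (commented) print "disabled"
            else                print "missing"
        }
    ' "$1"
}

# Write constructed sample sudoers files into directory $1.
write_samples() {
    printf '%s\n' '## Allows people in group wheel to run all commands' \
        '%wheel ALL=(ALL) ALL' > "$1/enabled"
    printf '%s\n' '## Allows people in group wheel to run all commands' \
        '# %wheel ALL=(ALL) ALL' > "$1/disabled"
    printf '%s\n' '%wheel ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) NOPASSWD: ALL' > "$1/nopasswd"
    printf '%s\n' 'root ALL=(ALL) ALL' > "$1/missing"
}

# Demo run over the constructed samples.
samples=$(mktemp -d)
write_samples "$samples"
for f in enabled disabled nopasswd missing; do
    printf '%-9s -> %s\n' "$f" "$(wheel_rule_state "$samples/$f")"
done
rm -rf "$samples"
```

This only reports the state of the wheel rule; syntax checking is still visudo's job.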

Conclusion

The new user account is ready to use. As a best practice, use this sudo user for server administration. You should avoid using root for maintenance tasks.