How to Install Sudo on a FreeBSD System

Sudo is a command line utility for Unix-based operating systems such as FreeBSD, OpenBSD, DragonFLY BSD, Linux and macOS. The sudo utility provides an efficient way to grant a user or group of users privileged access to system resources so that they can run commands that they cannot run under their regular account. Users can even be given permission to run commands under the root account, which is the most powerful account on Unix-like systems. Sudo also logs all commands and arguments so administrators can track every user who uses sudo.

So, what is sudo for and what does it do? If you prefix "sudo" with any FreeBSD command, it will run the command with elevated privileges. Elevated privileges are required to perform certain administrative tasks. Someday you may want to run a LAMP (Linu Apache MySQL PHP) server, and have to edit your configuration files manually. You may also need to restart or reset the Apache web server or other service daemons.

Or you may even need elevated privileges to shut down or restart the computer. "Hey, who turned this thing off?!" If you're familiar with Windows, this is very similar to the Windows User Account Control dialog box that appears when you're trying to do something important, only not as friendly.

In Windows, if you try to perform an administrative task, a dialog box asks if you want to continue ("Are you really sure you want to run the program you just clicked on?"). The task was then carried out. On Mac, a security dialog box appears and you are asked to enter your password and click OK. This is more of a dramatic story on FreeBSD.

Many sources state that sudo is an abbreviation of superuser do. However, the group that developed sudo stopped using that description more than 10 years ago. According to the group's website, sudo now means su "does", indicating a tool that provides su-like capabilities. Su is a command line utility and stands for switch user or alternate user. Like sudo, the utility allows users to run commands under different accounts. However, sudo has several important advantages over su.


1. How Sudo Works

With the sudo command, you must enter "sudo" before each command. This means you won't have to remember to switch back to regular user mode, and fewer errors will occur.

With sudo, when the user runs the command, he will be asked to enter a password to log in. After entering the password correctly, the user can then run other commands without providing the password each time they run the command, but there is a limit to how long. By default, the session expires after five minutes of inactivity, and the user must enter the password again. However, administrators can set a time other than five minutes when configuring sudo.

Sudo allows regular users to run commands with elevated privileges. This is a great way to temporarily grant administrative rights to a user, without sharing root account credentials. But how does sudo management work? What best practices should you follow before adding users to sudo?.

There are two ways to elevate your privileges on Unix systems like FreeBSD. You can log in as root or superuser, or you can use sudo. The former is not recommended, as it violates the principle of least privilege. The latter is a more secure approach, as it allows granular access control and individual accountability.

Sudo management is a technique for restricting and managing privileged access, using the sudo configuration file. Administrators can use a single configuration file (/usr/local/etc), or create multiple configuration files per user in the /usr/local/etc/sudoers.d directory.

This configuration file contains rules that govern which users can run which commands with root privileges. They also contain other configurable parameters, such as whether to require a password for authentication, a list of applicable hostnames and networks, and where to report incorrect password attempts.


2. Installing sudo on FreeBSD

This article will discuss how to use the sudo utility on a FreeBSD system. In writing this article, FreeBSD 13.2 was used.

OK, let's just practice how to use sudo on a FreeBSD system. By default FreeBSD does not include sudo on its system. In order for sudo to run on FreeBSD, it must be installed first. The following is how to install sudo on FreeBSD.

root@ns1:~ # cd /usr/ports/security/sudo
root@ns1:/usr/ports/security/sudo #
make install clean
===> SECURITY REPORT:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/bin/sudo

This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/sudo
/usr/local/sbin/sudo_logsrvd

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
https://www.sudo.ws/
===> Cleaning for sudo-1.9.14p3

From the installation process above, we can see that the sudo version used is udo-1.9.14p3. The main file for sudo configuration is called sudoers which is located in the /usr/local/etc and /usr/local/etc/sudoers.d folders. Why... why are there 2 sudo configuration file folders. As described above, these two folders have different functions. In this article we will configure sudo in the /usr/local/etc/sudoers folder, because we will use several users to configure sudo.

In this article we will create several users who can access the FReeBSD system. For more clarity on how to create a user on FreeBSD, please read the previous article.




For example, we have created a user with the name: bromo, rinjani, semeru, argopuro and others. Now we edit the configuration file /usr/local/etc/sudoers. In the /usr/local/etc/sudoers file, remove the "#" sign in front of the script. The following is a script that must be activated.

root@ns1:~ # ee /usr/local/etc/sudoers
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
semeru ALL=(ALL:ALL) ALL
rinjani ALL=(ALL:ALL) ALL
bitcoin ALL=(ALL:ALL) ALL
argopuro ALL=(ALL) ALL
%wheel ALL=(ALL:ALL) ALL

In the script above, semeru, rinjani, bitcoin and argopuro are users.


3. Running sudo on FreeBSD

After completing the sudo configuration, now we will test sudo by updating pkg and installing unbound.

root@ns1:~ # su semeru
$
pkg update
pkg: Insufficient privileges to update the repository catalogue.
$
pkg install unbound
pkg: Insufficient privileges to install packages

In the script above, the Semeru user cannot update the pkg and cannot install the unbound application. Now we add the sudo command.

root@ns1:~ # su semeru
$
sudo pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): 100%
Processing candidates (0 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.

$
sudo pkg install unbound
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
unbound: 1.17.1_2

Number of packages to be installed: 1

The process will require 8 MiB more space.
2 MiB to be downloaded.

Proceed with this action? [y/N]: y


By adding sudo, the update and install process can run. The following is an example of another sudo command that is routinely carried out by a system administrator.

root@ns1:~ # su semeru
$
su argopuro
Password: masukkan password
$
sudo su
root@ns1:~ #

In the first script we log in as user Semeru, then in the second script we log in as user Argopuro. For the Argopuro user, we have to enter a password. And the last script description is that we log in as the root user.

Many times we need to run various commands as root user to perform operations on Unix-based systems. However, we do not always have access to the root user and thanks to sudo we can do it.

Getting used to sudo is easy, although it takes time. Hopefully, this tutorial is enough to get you started with sudo.
Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post