summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source/_posts/granting_sudo_access_to_a_user_in_arch_linux.md51
1 files changed, 51 insertions, 0 deletions
diff --git a/source/_posts/granting_sudo_access_to_a_user_in_arch_linux.md b/source/_posts/granting_sudo_access_to_a_user_in_arch_linux.md
new file mode 100644
index 0000000..18ce3b5
--- /dev/null
+++ b/source/_posts/granting_sudo_access_to_a_user_in_arch_linux.md
@@ -0,0 +1,51 @@
+---
+extends: _layouts.post
+section: content
+title: Granting Sudo Access to a User in Arch Linux
+date: 2020-06-22
+description: This guide shows how I granted sudo access to my user account in Arch Linux
+tags: [Arch]
+---
+
+So by the end of my last [post](/posts/adding-a-user-in-arch-linux/) my minimal installation of Arch Linux had a user account that I could log into instead of the root user. However in order to do anything useful on the system I need to be able to run commands such as *pacman* that only the root user can do. Now one way to solve this is to change to the root user with *su* before running the command, but this defeats the point in creating a non-root user account in the first place. Instead a better way is to make use of *sudo*.
+
+Sudo (su "do") gives the ability for a user (or groups of users) to run some (or all) commands as root and also provides an audit trail of the commands and their arguments. Usage is very simple, you enter *sudo* followed by the command that you want to run. For example,
+
+```shell
+$ sudo pacman -Syu
+```
+
+Configuration is done in the file */etc/sudoers*. This is where you can specify which users or groups can use *sudo* and what commands they can run. However, you must be careful when editing this file as any syntax errors will make *sudo* unusable. Therefore it is strongly recommended to do any editing via the *visudo* command. This locks the *sudoers* file, saves edits to a temporary file, and checks that file's grammar before copying it to */etc/sudoers*.
+
+Traditionally in Linux systems users that should have privileged administrator rights are added to the *wheel* group which is then given *sudo* access. As the root user the first thing that I needed to do was add my user account to the *wheel* group with the *usermod* command.
+
+```shell
+$ usermod -aG wheel david
+```
+
+I used the below options with the command.
+
+- *-a* Modifies the *-G* argument so that the user is added to the specified groups and not removed from any existing ones.
+- *-G* The list of supplementary groups that the user will be made a member of. In this case it's just *wheel*. Note that you need to pass *-a* otherwise the user will be removed from any group that is not listed.
+
+Next I needed to grant *sudo* access to the wheel group by editing */etc/sudoers* with *visudo*. Note that the default editor for *visudo* is *vi*. Since this has not been installed on my system I can change the editor to be *nvim* by first setting the variable *EDITOR*.
+
+```shell
+$ EDITOR=nvim visudo
+```
+
+Once the file was opened I located and uncommented the below line before saving and exiting *nvim*. This allows members of the *wheel* group to execute any command without having to enter their password.
+
+```shell
+%wheel ALL(ALL) NOPASSWD: ALL
+```
+
+I checked that I had *sudo* access by running the below command while logged into my user account.
+
+```shell
+$ sudo pwd
+
+/home/david
+```
+
+Since I wasn't prompted for my password and the command was executed I knew that I now had *sudo* access.