All About Sudo on a Debian 10 Buster System

29/12/2020
Chưa phân loại
So you have recently shifted to Debian 10 and need a way for yourself, or someone else, to be able to execute authority-restricted operations on the system. These operations include information and privacy-sensitive tasks like changing the system configuration, performing user management, editing all files, installing/removing software, and upgrading your system and its components. As the first default user account after installation, ‘root’ is the most powerful user on Debian that can do all of the above. Although the name ‘root’ comes from this user’s access and permissions on the root directory, it is also termed as an Administrator, Supervisor and Super User.

So if root can do all, what is sudo and why do we need sudo users on our Debian?

What is Sudo?

Sudo or “superuser do” is a set of privileges that an Administrator/root can give to other users so that they can also perform some of the authority-restricted operations on Debian, while still maintaining the high-level security and authority on the system.

One way to give authority to users could simply be done by sharing the root password with them without getting into the whole sudo thing, but Linux has its reasons:

  • Sudo gives temporary privileges to users that can be taken away any time by root. If we had shared our root password instead, it required changing it when the privileges were to be terminated.
  • Working as root at all times is not a good security practice as one can mistakenly mess with sensitive system settings. So it is better to switch to sudo, and then back, when a restricted operation is complete.
  • The commands performed as sudo are all logged, along with the username that executed them. This ensures accountability and auditing for all such users

In this article, we will explain how you can do the following on a Debian 10 Buster System:

  1. Give sudo privilege to a user
  2. Use sudo once it is granted
  3. Remove sudo privilege from a user
  4. Check which users have sudo privilege on the system

Note: Please note that only an authorized user can perform all these operations on Debian.

Giving Sudo Privilege To A User

Most Debian installations do not come with the sudo utility installed by default. Therefore, we will first install it on our Debian-as an Administrator. Open the Terminal application through the Application Launcher search bar and then log in as root through the following command:

$ su

The system will ask you the password for root; providing which, you will be logged in as root.

Now, run the following commands in order to install sudo on your system:

# apt-get update
# apt-get install sudo

The sudo utility should now be installed on your Debian.

The /etc/sudoers file contains a list of users that have sudo privileges on the system. Although it is a text file, we do not recommend opening it in any of the available text editors. One small mistake can cost a user access to sudo rights forever.

Therefore, let us use the highly preferred and safe way of editing the sudoers file by running the following command:

# visudo

This will open the sudoers file in a safe mode. Locate the section of the file that is marked in the following screenshot and then add the following line:

%user       ALL=(ALL:ALL) ALL

I have added a user by the name of “sana” as a sudo user. Exit the file by hitting Ctrl+X. Then enter Y in order to save the modified file.

Now the user is marked as a sudo user and can perform many privileged operations on your Debian.

How To Use Sudo Once It Is Granted

Log in as a user that is granted sudo rights on Debian and then open the Terminal application. Let us now verify the sudo login and also if we are able to perform any of the authority-restricted operations.

If you enter the following command in order to install the VLC player, you will get the error displayed in the screenshot:

$ apt-get install vlc

The reason here is that only an authorized user(root or sudo) is allowed to add and remove software on Debian. Therefore, we will run the same command as sudo now:

$ sudo apt-get install vlc

As a sudo user runs this command, they will be asked to provide their own password.

After being verified as sudo, the installation process will begin- as shown above.

How To Remove Sudo Privilege From a User

The process of removing a user from the sudoers list is as simple as adding one. As root or as a sudo user, open the sudoers file as follows:

# visudo

Or,

$ sudo visudo

Then, remove or comment out the line which marks the user as sudo.

Save the file and the specified user is no longer recognized by the system as an authorized sudo user.

How To Check Which Users Have Sudo Privilege in The System

It is a good managerial check to see, from time to time, as to which users have been granted sudo rights on a system. It helps in deciding whose sudo status should retain and whose to let go. What we are looking for is a way to list the members of the ‘sudo’ group.

The following use of the Linux getent command will enable an Administrator to check which users have sudo privileges on your Debian:

# getent group sudo

If you want to check whether a certain user is a member of the sudo group, you can make use of the Linux groups command as follows:

# sudo groups [username]

After reading this article, not only will you be able to differentiate the terms sudo, root, Administrator, supervisor, etc, but also manage safely which ones you want to grant sudo rights to, on your Debian.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

How to Install Latest NGINX 1.11.9 on Ubuntu, CentOS, RHEL

Nginx 1.11.9 (pronounced as [engine x]) is the most recent release and this release addresses reported bugs. Nginx is an...
28/12/2020

Install Ubuntu on Raspberry Pi

Installing Ubuntu Mate on Raspberry Pi 2 and 3 WHAT IS RASPBERRY PI? Raspberry pi is a credit card-sized computer that can...
12/02/2020

Cài đặt SSL HTTPS Grafana Centos 7

Grafana SSL SSL is not installed by default when using the free, self-hosted community edition. If you purchase the cloud...
01/11/2021
Bài Viết

Bài Viết Mới Cập Nhật

Mua Proxy V6 Nuôi Facebook Spam Hiệu Quả Tại Onetcomvn
03/06/2024

Hướng dẫn cách sử dụng ProxyDroid để duyệt web ẩn danh
03/06/2024

Mua proxy Onet uy tín tại Onet.com.vn
03/06/2024

Thuê mua IPv4 giá rẻ, tốc độ nhanh, uy tín #1
28/05/2024

Thuê địa chỉ IPv4 IPv6 trọn gói ở đâu chất lượng, giá RẺ nhất?
27/05/2024