All About Sudo on a Debian 10 Buster System

29/12/2020
Chưa phân loại
So you have recently shifted to Debian 10 and need a way for yourself, or someone else, to be able to execute authority-restricted operations on the system. These operations include information and privacy-sensitive tasks like changing the system configuration, performing user management, editing all files, installing/removing software, and upgrading your system and its components. As the first default user account after installation, ‘root’ is the most powerful user on Debian that can do all of the above. Although the name ‘root’ comes from this user’s access and permissions on the root directory, it is also termed as an Administrator, Supervisor and Super User.

So if root can do all, what is sudo and why do we need sudo users on our Debian?

What is Sudo?

Sudo or “superuser do” is a set of privileges that an Administrator/root can give to other users so that they can also perform some of the authority-restricted operations on Debian, while still maintaining the high-level security and authority on the system.

One way to give authority to users could simply be done by sharing the root password with them without getting into the whole sudo thing, but Linux has its reasons:

  • Sudo gives temporary privileges to users that can be taken away any time by root. If we had shared our root password instead, it required changing it when the privileges were to be terminated.
  • Working as root at all times is not a good security practice as one can mistakenly mess with sensitive system settings. So it is better to switch to sudo, and then back, when a restricted operation is complete.
  • The commands performed as sudo are all logged, along with the username that executed them. This ensures accountability and auditing for all such users

In this article, we will explain how you can do the following on a Debian 10 Buster System:

  1. Give sudo privilege to a user
  2. Use sudo once it is granted
  3. Remove sudo privilege from a user
  4. Check which users have sudo privilege on the system

Note: Please note that only an authorized user can perform all these operations on Debian.

Giving Sudo Privilege To A User

Most Debian installations do not come with the sudo utility installed by default. Therefore, we will first install it on our Debian-as an Administrator. Open the Terminal application through the Application Launcher search bar and then log in as root through the following command:

$ su

The system will ask you the password for root; providing which, you will be logged in as root.

Now, run the following commands in order to install sudo on your system:

# apt-get update
# apt-get install sudo

The sudo utility should now be installed on your Debian.

The /etc/sudoers file contains a list of users that have sudo privileges on the system. Although it is a text file, we do not recommend opening it in any of the available text editors. One small mistake can cost a user access to sudo rights forever.

Therefore, let us use the highly preferred and safe way of editing the sudoers file by running the following command:

# visudo

This will open the sudoers file in a safe mode. Locate the section of the file that is marked in the following screenshot and then add the following line:

%user       ALL=(ALL:ALL) ALL

I have added a user by the name of “sana” as a sudo user. Exit the file by hitting Ctrl+X. Then enter Y in order to save the modified file.

Now the user is marked as a sudo user and can perform many privileged operations on your Debian.

How To Use Sudo Once It Is Granted

Log in as a user that is granted sudo rights on Debian and then open the Terminal application. Let us now verify the sudo login and also if we are able to perform any of the authority-restricted operations.

If you enter the following command in order to install the VLC player, you will get the error displayed in the screenshot:

$ apt-get install vlc

The reason here is that only an authorized user(root or sudo) is allowed to add and remove software on Debian. Therefore, we will run the same command as sudo now:

$ sudo apt-get install vlc

As a sudo user runs this command, they will be asked to provide their own password.

After being verified as sudo, the installation process will begin- as shown above.

How To Remove Sudo Privilege From a User

The process of removing a user from the sudoers list is as simple as adding one. As root or as a sudo user, open the sudoers file as follows:

# visudo

Or,

$ sudo visudo

Then, remove or comment out the line which marks the user as sudo.

Save the file and the specified user is no longer recognized by the system as an authorized sudo user.

How To Check Which Users Have Sudo Privilege in The System

It is a good managerial check to see, from time to time, as to which users have been granted sudo rights on a system. It helps in deciding whose sudo status should retain and whose to let go. What we are looking for is a way to list the members of the ‘sudo’ group.

The following use of the Linux getent command will enable an Administrator to check which users have sudo privileges on your Debian:

# getent group sudo

If you want to check whether a certain user is a member of the sudo group, you can make use of the Linux groups command as follows:

# sudo groups [username]

After reading this article, not only will you be able to differentiate the terms sudo, root, Administrator, supervisor, etc, but also manage safely which ones you want to grant sudo rights to, on your Debian.

Sandclock IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, Sandclock IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

How to Use GNOME Disk Utility

GNOME Disk Utility is the default graphical partitioning tool on the GNOME 3 desktop environment and other GNOME based...
29/12/2020

Disable IPv6 on CentOS 8

In this article, I am going to show you how to disable IPv6 on CentOS 8. So, let’s get started. Checking for IPv6 Availability: You...
29/12/2020

Parrot Security OS: Product Review

Parrot Security OS is an open source and free GNU/LINUX distribution that is made for developers, penetration testers,...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Hướng dẫn chuyển đổi windows server windows evaluation to standard và active windows server 2008 + 2012 + 2016 + 2019
26/10/2021

How to Update Ubuntu Linux
24/10/2021

Squid Proxy Manager cài đặt và quản lý Proxy Squid tự động trên ubuntu
20/10/2021

Hướng dẫn cài đặt Apache CloudStack 4.15.2.0
19/10/2021

Hướng dẫn ký file PDF bằng chữ ký số (chữ ký điện tử) và sửa lỗi mới nhất 2021 foxit reader
19/10/2021