Give Yourself The Proper Linux Privileges on Your New Machine

Melanie Gross
Jun 15, 2011
Updated • Jan 16, 2013
Linux
|
10

For many of us, the days following the fresh install of a new Linux distribution are like starting your life over. It's a time for new beginning – new choices for programs, new configurations, new icons. You have a clean slate, and it's time to explore the possibilities the unknown distro brings with it.

Naturally, you jump on your computer, open up a terminal window, and start throwing out sudo apt-get install commands left and right to play with new applications. But wait: Error messages start flying back saying that you profile is not included as a sudoer.

Well, not exactly. If the first time you attempt to operate as root on a recently installed system and the system spouts back something about your profile not having sufficient privileges to carry out the task, it means that you properly installed the distro.

The fact is that you (probably) do not want to be operating as supervisor all the time. It can be dangerous, and far too often it leads to system meltdowns at the worst possible times. While not having to insert a password before any administrative task can be helpful a lot of the time, using root as a primary account leaves your computer exposed to user stupidity – and plain dumb mistakes happen to the best of us.

Ok, so you don't want to be root all the time, but you obviously need to be able to carry out administrative tasks from time to time – like when you want to do something as simple as installing a new program. So how do you add your profile to the sudoer file?

It's actually very easy. First, open up a terminal window (probably the one that yelled at you for having insufficient privileges in the first place). For this tutorial let's pretend your username is alpha, so every time you see alpha substitute in your general user profile. Go ahead and type is “su” on the first line and hit enter. You will be prompted for your password – go ahead and supply it.

Next, you need to give yourself permission to edit the sudoers file. Type

  • chmod +w /etc/sudoers

Then click enter again. Now you can go in and add yourself to the list. Type

  • echo 'alpha ALL=(ALL)' >> /ect/sudoers

And then go ahead and click enter again. Congratulations, you're now on the list. Before we leave, we want to reset the permissions of the sudoer file by typing

chmod -w /etc/sudoers

Click enter again, type “exit”, press enter again, and then type “exit” one more time to leave the terminal window. And that's it! Your profile has now been added to the list of those with administrative privileges.

While it is not a difficult procedure, it is one that is easily forgotten. Once you have given yourself sudo privileges you can give them to other Linux users as well, whether you have multiple profiles set up for other users on your computer or even different profiles for different tasks.

Update:

Edit: A number of people have responded to this post raising very justified concerns about configuring sudo in this manner. While it is perfectly safe if you are careful about every change you make, a mistake in configuring sudo can lead to bad problems down the line. As a safeguard, many people prefer editing the sudo file through the visudo command, which, if sudo has not yet been configured, must be accessed when logged in as root. To do so, login as root, open a terminal and type:

visudo

At the bottom of the new series of characters is a line that reads:

#includedir /etc/sudoers.d

To enable a user full access to sudo, simply type:

  • “insertusernamewithoutquotes” ALL=(ALL) ALL

Press Ctrl+X to exit the program and click Y to save a backup buffer file on your way out just in case things go wrong.

Two ways to address the same problem – This method simply provides a failsafe.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Diego said on June 26, 2011 at 2:44 pm
    Reply

    Martin, perdon… Despues de leer mi comentario creo que estuve un poco agresivo. Es tu blog y vos escribis como quieras.
    Me parecio mal haber comentado en ese tono, mas aun despues de haber conocido/aprendido un monton de cosas interesantes gracias a vos.
    Gracias!

  2. Diego said on June 26, 2011 at 1:21 pm
    Reply

    Martin…
    Tengo un buen concepto de vos y tu sitio.
    NO VUELVAS a hacer esto…

    Para los lectores, el post real esta en los comentarios. Como se hace eso?
    Tocar un tema de Linux y hacerlo mal adrede.
    Luego es inevitable las correcciones.

    Igual seguire leyendo tus posts.
    Gracias por permitirme corregirte.

    Saludos!

  3. lenny82 said on June 16, 2011 at 11:18 pm
    Reply

    Wow, I have never seen people so riled about so simple a process before! This is ridiculous!

    While I wouldn’t do it that way, there’s absolutely nothing wrong with the implementation, making it a what? ALTERNATIVE. Don’t pretend like your way is the only way, that’s the joy of Linux. It offers the flexibility to do things multiple ways.

    So get off your high horses and consider the way that you manipulate systems may not be the only way. This has nothing to do with “linux security,” and it is most certainly not worthless.

    Techies have a habit of being stubborn as hell – I know I am. But Christ, people, this is just plain petty.

  4. Dean said on June 16, 2011 at 12:11 pm
    Reply

    This would have to be the most destructive article on linux security I’ve ever read – just plain nasty – I’m still shaking my head … unbelievable!

  5. BadCam said on June 16, 2011 at 10:36 am
    Reply

    I agree with Christoph. This article is dangerous. Especially for a new user that stumbles upon it and doesn’t take the time to read everything first. At the very LEAST, the Edit should be placed at the top of the article as a direct warning that the information that follows is not best practice. Thanks.

  6. BadCam said on June 15, 2011 at 12:56 pm
    Reply

    Ouch! First post too.

  7. Christoph said on June 15, 2011 at 9:20 am
    Reply

    Sorry, this post makes baby jesus cry! Do NOT edit /etc/sudoers with a standard editor, do NOT change the file permissions. This is so important, that you can find this info even in the /etc/sudoers itself!

    #
    # This file MUST be edited with the ‘visudo’ command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.

    If you you want to edit /etc/sudoers, please use…

    $ visudo

    Why? visudo edits the sudoers file in a safe fashion. It locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. Please read the man pages on sudoers and sudo.

    http://wiki.debian.org/sudo

    1. Martin Brinkmann said on June 16, 2011 at 9:27 am
      Reply

      This is from Melanie who posted the article: While carefully following the steps in the how-to will safely change the permissions of sudoer, you have made compelling and valid arguments for the use of visudo. I’ve added them to the main article to let future readers know the risks of my method as well as the alternatives you have suggested. Thanks for the help!

      1. Christoph said on June 16, 2011 at 9:48 am
        Reply

        Melanie way of handling sudo is not a alternativ, it’s plain wrong… I don’t want to bitch, but this posting is just bad. Either change it completely, or get rid of it. The visudo part is not only one thing which is wrong. This article is most likely completly useless! Take a look at the /etc/sudoers of Debian….

        # Allow members of group sudo to execute any command
        # (Note that later entries override this, so you might need to move
        # it further down)
        %sudo ALL=(ALL) ALL

        So all users who are listed onside the “sudo” group (in Ubuntu it’s called admin) may execute sudo commands. So to get things started, simply…

        $ adduser whoever sudo

        …log out of the system, log back into it, and your done. Please don’t let people write about security related topics, when they obviously don’t have a clue. Internet blogs are full of dead wrong guides, don’t add another.

        Sincerely
        Christoph

    2. digitalrefuse said on June 15, 2011 at 3:09 pm
      Reply

      I was just about to make a very similar statement…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.