Debian 8 Jessie: install and configure SUDO

Sudo (sometimes considered as short for Super-user do) is a program designed to let system administrators allow some users to execute some commands as root (or another user). The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Sudo is also an effective way to log who ran which command and when.
Basically, the sudo prefix is placed before a command line that needs to be run with root privileges.

Unlike Ubuntu, sudo is not installed by default in Debian 8. We will see in this article how to install, configure and use sudo.

 

Installation of sudo

Once connected as a "standard" user on your Debian server, execute the su command to log in as root (the associated password is required).
Then install the sudo package by running the apt-get install sudo command.

dev@myserver:~$ su
Password:
root@myserver:/home/dev# apt-get install sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  sudo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 855 kB of archives.
After this operation, 2,390 kB of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian/ jessie/main sudo amd64 1.8.10p3-1+deb8u3 [855 kB]
Fetched 855 kB in 0s (1,944 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 19305 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.10p3-1+deb8u3_amd64.deb ...
Unpacking sudo (1.8.10p3-1+deb8u3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u3) ...
Setting up sudo (1.8.10p3-1+deb8u3) ...
Processing triggers for systemd (215-17+deb8u3) ...

 

Basic configuration of sudo

Still as root, open the /etc/sudoers file with your favorite text editor (for me it's nano)

nano /etc/sudoers

Then add the line <user>      ALL=(ALL:ALL) ALL right after the root    ALL=(ALL:ALL) ALL line.
Take care to replace <user> with your standard username (not root).
Example below with my dev user.

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
dev     ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

For those who don't want to change the above configuration file, a user can also use the sudo command if they are a member of the sudo group.

So you can just run the command adduser dev sudo to add the user dev to the sudo group.
Warning: in this case, a new SSH session must be opened before the user dev is granted the right to use sudo.

adduser dev sudo
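
The header of /etc/sudoers shown above asks for visudo and for local content in /etc/sudoers.d/. As an added example (not part of the original article), the function below writes the dev rule as a drop-in file and installs it only if visudo accepts its syntax; the function name, the drop-in name and the SUDOERS_DIR and VISUDO variables are assumptions made here.

```sh
#!/bin/sh
# Added example, not from the article: install one sudoers rule as a drop-in
# file, and only after visudo has accepted its syntax.
# install_sudoers_dropin, SUDOERS_DIR and VISUDO are names chosen for this sketch.

SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"   # directory named by #includedir
VISUDO="${VISUDO:-visudo}"                     # syntax checker shipped with sudo

# usage (as root): install_sudoers_dropin dev-admin 'dev ALL=(ALL:ALL) ALL'
install_sudoers_dropin() {
    name=$1
    rule=$2
    # sudo ignores files in the include directory whose name contains a '.'
    # or ends in '~', so such a name would install a rule that never applies.
    case "$name" in
        ""|*.*|*"~"|*/*) echo "unusable drop-in name: $name" >&2; return 2 ;;
    esac
    [ -n "$rule" ] || { echo "empty rule" >&2; return 2; }

    # Stage the rule under a dotted name: sudo skips it while it is unchecked.
    tmp=$(mktemp "$SUDOERS_DIR/.$name.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"                          # same mode as /etc/sudoers itself

    # -c checks only, -f names the file to check; non-zero exit means a parse error.
    if ! "$VISUDO" -cf "$tmp" >/dev/null; then
        echo "rejected by $VISUDO, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$SUDOERS_DIR/$name"          # rename within one directory is atomic
}
```

A rule that fails the check never reaches a name sudo reads, so a typo cannot lock every user out of sudo.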

 

How to use sudo

There is no need to use the root user for normal administrative tasks that don't require root access.
And if you need root privilege, simply type in the sudo prefix before your command.

Example to edit the list of your Debian repositories:

sudo nano /etc/apt/sources.list

Or to update your system:

sudo apt-get update
sudo apt-get upgrade
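
Each of these invocations is logged, which is the "who ran which command and when" point from the introduction. As an added example (not part of the original article), the function below summarises sudo events from syslog-format lines, assuming the default Debian setup where they land in /var/log/auth.log; the function names and the sample log lines are constructed here.

```sh
#!/bin/sh
# Added example, not from the article: list who ran what through sudo.
# sudo_audit and sample_auth_log are names chosen here; the log lines are constructed.

# usage (as root): sudo_audit < /var/log/auth.log
# output, one line per event: STATUS|when|user|run-as|command
sudo_audit() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && (p = index($0, "COMMAND=")) {
        cmd  = substr($0, p + 8)               # the command may itself contain " ; "
        head = substr($0, 1, p - 1)            # everything before COMMAND=
        info = substr(head, index(head, " : ") + 3)
        # A permitted run starts with TTY=, a refusal starts with the reason text.
        reason = info; sub(/ ; .*/, "", reason)
        status = (reason ~ /^TTY=/) ? "OK" : "DENIED(" reason ")"
        runas = head; sub(/^.* USER=/, "", runas); sub(/ ;.*$/, "", runas)
        printf "%s|%s %s %s|%s|%s|%s\n", status, $1, $2, $3, $6, runas, cmd
    }'
}

# Constructed sample input in the format sudo writes through syslog.
sample_auth_log() {
    cat <<'EOF'
Jan 12 10:15:42 myserver sudo:      dev : TTY=pts/0 ; PWD=/home/dev ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 12 10:15:42 myserver sudo: pam_unix(sudo:session): session opened for user root by dev(uid=0)
Jan 12 10:16:03 myserver sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/guest ; USER=root ; COMMAND=/bin/ls /root
Jan 12 10:16:30 myserver sshd[812]: Accepted password for dev from 192.0.2.10 port 50022 ssh2
Jan 12 10:17:20 myserver sudo:      dev : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/dev ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
EOF
}
```

Running sample_auth_log | sudo_audit prints one OK line for dev and two DENIED lines; the refused attempts are the ones worth reviewing first.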

 

The shortcut command !!

When we execute a Linux command line, we often forget that we need root privilege in order to run it.
If you forgot the sudo prefix before your command line, simply enter sudo !! at the next prompt to automatically execute the previous command line with a sudo prefix added.

See it in action:

dev@myserver:~$ apt-get update
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
dev@myserver:~$ sudo !!
sudo apt-get update
[sudo] password for dev:
Ign http://ftp.fr.debian.org jessie InRelease
Hit http://ftp.fr.debian.org jessie-updates InRelease
Hit http://ftp.fr.debian.org jessie Release.gpg
Hit http://ftp.fr.debian.org jessie-updates/main Sources
Hit http://security.debian.org jessie/updates InRelease
Get:1 http://ftp.fr.debian.org jessie-updates/main amd64 Packages/DiffIndex [367 B]
Hit http://ftp.fr.debian.org jessie-updates/main Translation-en
Hit http://ftp.fr.debian.org jessie Release
Hit http://security.debian.org jessie/updates/main Sources
Hit http://ftp.fr.debian.org jessie/main Sources
Hit http://ftp.fr.debian.org jessie/main amd64 Packages
Hit http://security.debian.org jessie/updates/main amd64 Packages
Hit http://ftp.fr.debian.org jessie/main Translation-en
Hit http://security.debian.org jessie/updates/main Translation-en
Fetched 367 B in 1s (285 B/s)
Reading package lists... Done
dev@myserver:~$

 

Comments

Very nice!

Nice, but be careful, you should never use nano to edit /etc/sudoers. Indeed, a syntax error in this file can leave you with a system where it is impossible to obtain elevated privileges. You should use the text editor visudo instead to edit /etc/sudoers.
