Basic Sudo Access

A few months back I noted that I’d be more concerned with security going forward. Among other things, this means using sudo for accounting and authorization. A mature system would configure this via Puppet or another CM tool. If you haven’t gotten there with your CM tool, or you are working on a standalone system, you can still enable basic sudo access with a few steps:

[root@puppet git]# useradd rnelson0 -c "Rob Nelson"
[root@puppet git]# passwd rnelson0
Changing password for user rnelson0.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

[root@puppet ~]# cat > /etc/sudoers.d/sudoadmins
rnelson0        ALL=(ALL)       ALL
  1. Add a local user.
  2. Set a password for the local user.
  3. Allow the user to use sudo for all commands.

This is a good start for a lab. In production, more granular sudo permissions should be used, in addition to a central user management system, like LDAP or ADS. And if you have to do this in more than one place, automation is a good idea.