December 10, 2014

Installing sudo in FreeBSD

I've recently been preparing a FreeBSD VM image for my small OpenNebula server.

The first annoying fact I found is that I wanted to disable the password for the root account and use sudo instead. So the solution was to install sudo in my images, and the question was how.



Fortunately for me (and everyone else), the answer is quite simple, because the FreeBSD developers were nice enough to include sudo in the list of ported applications.

This can basically be done in one of two ways.
First, if you included the ports tree in your installation, you can build and install it with:
# cd /usr/ports/security/sudo/ && make install clean

If you did not, you can install it using the package manager:
# pkg_add -rv sudo

or

# pkg_add -r sudo

depending on whether you want verbose output or not.

The rest is well known to anyone who has used sudo before.
The configuration is simple, and the file is located at /usr/local/etc/sudoers. This file should not be edited directly. Instead, use the visudo command, which locks the file and checks its syntax before saving; that is the only way this configuration file should be modified.

My approach was to create the sudo group, add the users that should have access to the root account to this group, and finally add the group to the sudoers file to allow users of that group to run all sudo commands. It is up to each person how to manage the security of each system, probably in direct proportion to the level of security required. In the past, we had one very critical system where the assignment to the sudo group was only temporary and was handled by a site that generated a workflow of approvals. Once those approvals were granted, the user was assigned to the group for a specified time, and after that time expired the user was removed without questions unless an extension of the assignment was requested through the same site.
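
The group setup and the time-limited membership described above, as an added example that is not part of the original post. The ledger file format, the function names, the APPLY switch, and the user and ticket names are assumptions invented for illustration; pw and visudo are the standard FreeBSD and sudo tools.

```sh
#!/bin/sh
# Added example, not from the original post. The ledger format, function names
# and user names are assumptions made up for illustration.
#
# One-time setup on the FreeBSD host, as root:
#   pw groupadd sudo
#   pw groupmod sudo -m alice      # grant: add alice to the group
#   visudo                         # add the line:  %sudo ALL=(ALL) ALL
#   visudo -c                      # syntax-check the sudoers file
GROUP=sudo

# Ledger (constructed format), one grant per line: user:expiry_epoch:ticket
# Prints users whose latest grant has expired at time $2 (epoch seconds).
expired_users() {
    awk -F: -v now="$2" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { next }         # never hand odd names to pw
        { e = ($2 ~ /^[0-9]+$/) ? $2 + 0 : 0         # unreadable expiry = expired
          if (!($1 in max) || e > max[$1]) max[$1] = e }
        END { for (u in max) if (max[u] <= now + 0) print u }
    ' "$1" | sort
}

# Removes expired users from $GROUP. Prints the commands unless APPLY=1.
reap() {
    for u in $(expired_users "$1" "$2"); do
        if [ "${APPLY:-0}" = 1 ]; then
            pw groupmod "$GROUP" -d "$u"
        else
            echo "pw groupmod $GROUP -d $u"
        fi
    done
}

# Constructed sample: alice expired, bob has a renewed grant, carol is corrupt.
sample_ledger() {
    cat <<'EOF'
# user:expiry_epoch:ticket
alice:1418169600:REQ-101
bob:1418169600:REQ-102
bob:1418774400:REQ-117
carol:soon:REQ-120
EOF
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp) && sample_ledger > "$f" && reap "$f" 1418256000
    rm -f "$f"
fi
```

Run with the argument demo to see the dry-run output for the sample ledger. A grant with an unreadable expiry is treated as expired, so a damaged ledger removes access rather than extending it.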