So by the end of my last post my minimal installation of Arch Linux had a user account that I could log into instead of the root user. However in order to do anything useful on the system I need to be able to run commands such as pacman that only the root user can do. Now one way to solve this is to change to the root user with su before running the command, but this defeats the point in creating a non-root user account in the first place. Instead a better way is to make use of sudo.
Sudo (su "do") gives the ability for a user (or groups of users) to run some (or all) commands as root and also provides an audit trail of the commands and their arguments. Usage is very simple, you enter sudo followed by the command that you want to run. For example,
$ sudo pacman -Syu
Configuration is done in the file /etc/sudoers. This is where you can specify which users or groups can use sudo and what commands they can run. However, you must be careful when editing this file as any syntax errors will make sudo unusable. Therefore it is strongly recommended to do any editing via the visudo command. This locks the sudoers file, saves edits to a temporary file, and checks that file's grammar before copying it to /etc/sudoers.
Traditionally in Linux systems users that should have privileged administrator rights are added to the wheel group which is then given sudo access. As the root user the first thing that I needed to do was add my user account to the wheel group with the usermod command.
$ usermod -aG wheel david
I used the below options with the command.
- -a Modifies the -G argument so that the user is added to the specified groups and not removed from any existing ones.
- -G The list of supplementary groups that the user will be made a member of. In this case it's just wheel. Note that you need to pass -a otherwise the user will be removed from any group that is not listed.
The sudo package then needed to be installed.
$ pacman -S sudo
Next I needed to grant sudo access to the wheel group by editing /etc/sudoers with visudo. Note that the default editor for visudo is vi. Since this has not been installed on my system I can change the editor to be nvim by first setting the variable EDITOR.
$ EDITOR=nvim visudo
Once the file was opened I located and uncommented the below line before saving and exiting nvim. This allows members of the wheel group to execute any command without having to enter their password.
%wheel ALL(ALL) NOPASSWD: ALL
I checked that I had sudo access by running the below command while logged into my user account.
$ sudo pwd /home/david
Since I wasn't prompted for my password and the command was executed I knew that I now had sudo access.