Using sudo on FreeBSD

Sudo is a way of temporarily granting specific privileges to users who aren't the root user, which is most of them. It allows a user to execute a command as the superuser or as another user. However, unlike with Linux distros sudo does not come with FreeBSD. Here's how to fix that..

I have used the following version of sudo: sudo-1.6.9p17.tar.gz which can be obtained through a Google search or try going through Filewatcher.com.

Upload the file to the BSD box, change to the directory containing the file and then run the folllowing commands, allowing each one to complete before moving to the next:

tar -zxvf sudo-1.6.9p17.tar.gz
cd sudo-1.6.9p17
./configure
make
make install

After installation, the aptly named sudoers config file needs to be edited. Mine was in /etc/sudoers or do a search for it..

find / -name  sudoers

As usual, back the file up before editing it..

cp /etc/sudoers /etc/sudoers.bak

Edit the file with your text editor of choice (as root):

vi /etc/sudoers

Note that you may need to override the file's read-only attribute by using the vi command :w! to save before exiting.

Configuration options

Uncomment the following line to allow users in the wheel group to run all commands as root:

%wheel ALL=(ALL) ALL

For all users in the wheel group to acquire these privileges without using a password then uncomment the line:

%wheel ALL=(ALL) NOPASSWD: ALL

Add the following line to let user angela access all privileges without entering a password:

angela ALL=(ALL) NOPASSWD: ALL

Sudo can be used to control specific tasks by user. For instance to allow user angela to mount and unmount /cdrom, the following line could be added:

angela ALL=/sbin/mount /cdrom,/sbin/umount /cdrom

To allow members of the users group to shutdown the computer, add the following to the sudoers file:

%users localhost=/sbin/shutdown -h now

Note that you may need to override the file's read-only attribute by using the vi/visudo command :w! to save before exiting. Just emphasising the point.

Using sudo

Finally, the sudo command can be used just as with Linux. To use sudo, just prefix sudo before the command which requires specific privileges.

For the %wheel ALL=(ALL) ALL example above, if you are in the wheel group and want to shutdown the computer you'd type:

sudo shutdown -h now

Once a correct password is entered, sudo records the time and for the next five minutes it won't request a password. After those five minutes you must re-authenticate. Change the timeout value by setting the password_timeout value in the /etc/sudoers file.

Invocations of sudo are logged in /var/log/messages.