Granting Sudo Privileges on AlmaLinux 9.2#
Empower users in your home lab with sudo access! This guide walks you through adding a user with administrative privileges on AlmaLinux 9.2.
Non-Sudo Users:#
For users who don’t require administrative privileges, simply follow steps 1 and 2 below. These users will have basic access to the system but won’t be able to execute commands with sudo.
Why Sudo Users?#
Sudo allows authorized users to execute commands with elevated permissions, crucial for managing your server effectively.
Steps:#
Create a New User:
Open a terminal and run:
sudo useradd myuserReplace “myuser” with your desired username.
Set a Strong Password:
Use the
passwdcommand followed by the username:passwd myuserEnter and confirm a strong password for the user. Here are some strong password practices:
- Length: Use a password with at least 12 characters.
- Complexity: Combine uppercase and lowercase letters, numbers, and symbols.
- Uniqueness: Avoid using the same password for multiple accounts.
- Password Managers: Consider using a password manager to generate and store strong, unique passwords for all your accounts.
Grant Sudo Access:
Linux uses groups to manage permissions. The “wheel” group has sudo access by default. Let’s add “myuser” to the “wheel” group:
sudo usermod -aG wheel myuserVerify Sudo Access (Optional):
Switch to the new user:
su - myuserTry running a command with sudo:
sudo ls /rootIf prompted for the user’s password and the command executes, sudo access is granted.
Service Accounts vs. User Accounts#
So far, we’ve discussed user accounts, which are for human users who log in and interact with the system. There’s another type of account: the service account.
Service Accounts:#
These accounts are used by programs or services running on your system. They provide a secure way for these programs to access resources without requiring human intervention or a traditional user login. Service accounts often have specific permissions assigned to them, allowing them to perform limited tasks.
User Accounts vs. Service Accounts:#
The key difference is that user accounts are for human users, while service accounts are for automated tasks. Furthermore, service accounts often don’t have a login shell like users do, in certain distributions, they have /usr/sbin/nologin as login shell.
User accounts typically have more privileges and require a password for login, while service accounts are designed for secure programmatic access with limited permissions.
Security First!#
Here are some key security practices to follow when managing users and permissions on your AlmaLinux server:
- Principle of Least Privilege: Grant users only the minimum permissions they need to perform their tasks. This minimizes the damage if a user account is compromised.
- Strong Password Policies: Enforce strong password requirements as mentioned previously. Consider using a password manager and avoid sharing passwords.
- Disable Root Login: For enhanced security, disable direct root login via SSH. Use sudo for administrative tasks when necessary.
- Regular Updates: Keep your system software and packages updated to address security vulnerabilities.
- Monitor System Activity: Regularly review system logs for suspicious activity.
By following these security best practices, you can minimize the risk of unauthorized access and keep your AlmaLinux server secure.
Now you have a dedicated sudo user for managing your AlmaLinux server, separate non-privileged users for everyday tasks, and an understanding of service accounts for automated processes!