Setting up SUDO Gentoo

I had not been using SUDO on my testing server until just a little while ago (like less than a few hours).  I realized that this is a problem which I should fix, so I did.  Well mostly…

Installing SUDO

After trying to see what I had to do to get SUDO working correctly, I tried a simple test to see if SUDO was installed in a way that it was working at least to the point of finding it, with the sudo command.  It didn’t.  So I decided that it needed to be installed.  With my unprivelaged user I did:


$ emerge --pretend sudo

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N     ] app-admin/sudo-1.8.15-r1  USE="ldap nls pam sendmail -offensive (-selinux) -skey"

The package wasn’t installed, I checked out the USE flags. Decided not to change any of them.

I then looked and did the install with the root user.


# emerge --ask sudo

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N     ] app-admin/sudo-1.8.15-r1  USE="ldap nls pam sendmail -offensive (-selinux) -skey" 

Would you like to merge these packages? [Yes/No] yes

This went as it usually does. So, that means it took a while to do, but it was successful.

Enabling SUDO For Requested Users

With the command visudo I edited the sudoers file so that the following lines were used:


root ALL=(ALL) ALL
%sudo	ALL=(ALL:ALL) ALL

With this I expected adding the user to the group sudo would allow that user to use sudo. So I found to do that, I would need to add the group sudo and then add the user to the group. As that group didn’t exist already.

# groupadd -r sudo
# usermod -aG sudo username

This should have allowed me to sudo. So I tested it, but it didn’t work. It complained that I wasn’t allowed to use the group from username. So, I changed it to remove the :ALL which context highlighting wasn’t really understanding. Still no luck, so I added the user individually. Now it works. But not how I would like it to.

I will look into what might be a problem with this. For now, we currently have a working setup, but it’s a bit along the “too hard coded” line for my feeling it is actually fully working.

This entry was posted in Computer Security, Computer Support. Bookmark the permalink. Both comments and trackbacks are currently closed.

One Trackback