Setting up SUDO Gentoo

I had not been using SUDO on my testing server until just a little while ago (like less than a few hours).  I realized that this is a problem which I should fix, so I did.  Well mostly…

Installing SUDO

After trying to see what I had to do to get SUDO working correctly, I tried a simple test to see if SUDO was installed in a way that it was working at least to the point of finding it, with the sudo command.  It didn’t.  So I decided that it needed to be installed.  With my unprivelaged user I did:


$ emerge --pretend sudo

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N     ] app-admin/sudo-1.8.15-r1  USE="ldap nls pam sendmail -offensive (-selinux) -skey"

The package wasn’t installed, I checked out the USE flags. Decided not to change any of them.

I then looked and did the install with the root user.


# emerge --ask sudo

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N     ] app-admin/sudo-1.8.15-r1  USE="ldap nls pam sendmail -offensive (-selinux) -skey" 

Would you like to merge these packages? [Yes/No] yes

This went as it usually does. So, that means it took a while to do, but it was successful.

Enabling SUDO For Requested Users

With the command visudo I edited the sudoers file so that the following lines were used:


root ALL=(ALL) ALL
%sudo	ALL=(ALL:ALL) ALL

With this I expected adding the user to the group sudo would allow that user to use sudo. So I found to do that, I would need to add the group sudo and then add the user to the group. As that group didn’t exist already.

# groupadd -r sudo
# usermod -aG sudo username

This should have allowed me to sudo. So I tested it, but it didn’t work. It complained that I wasn’t allowed to use the group from username. So, I changed it to remove the :ALL which context highlighting wasn’t really understanding. Still no luck, so I added the user individually. Now it works. But not how I would like it to.

I will look into what might be a problem with this. For now, we currently have a working setup, but it’s a bit along the “too hard coded” line for my feeling it is actually fully working.

This entry was posted in Computer Security, Computer Support. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

One Trackback

Leave a Reply