Debian is a great platform for your servers. When you go with Debian you know you're getting an incredibly stable and reliable operating system, one that's been tried, tested, and proven to be good enough to serve as the basis for so many other Linux distributions.
However, did you know an installation of Debian would be missing a crucial package—at least one you've probably come to depend upon for admin tasks in Linux. That package is sudo. That's right. When you install Debian, if you need to take care of administrative tasks, you have to su to the root user (like we had to back in the old days), run your commands, and then remember the exit out of the root user.
For many, that's a security issue waiting to happen. If you fall into that category, you probably would rather have your Debian servers include sudo. Good news ... it's not only possible, it's easy.
I'm going to walk you through the process of installing sudo on a Debian 8 minimal server. You will note, if you're working with a standard Debian installation (such as a Desktop install), sudo is probably included, so you won't have to bother on such an installation. But for those who have gone with the minimal Debian install, installing sudo will be necessary.
The first thing that must be done is to install the sudo package. To do this, log into your Debian minimal server as root. Before we install sudo, let's update and upgrade the operating system with the following commands:
apt update apt upgrade
Do note, should the kernel get upgraded, a reboot will be necessary, in order for the changes to take effect. Because of this, you might want to run the above commands during non-production periods, reboot the server (if applicable), and then install sudo later.
To install sudo, issue the command:
apt install sudo
Once the command completes, sudo is installed. We're not done. At the moment the only user that can use sudo is root, and that's not going to serve our needs. Let's change that.
Adding users to sudo
In order for a non-root user to make use of sudo, they either have to be added to the sudoers file using visudo, or added to the sudo group. Because this is Debian, everyone that is in the sudo group has full sudo access. So instead of messing with the sudoers file, we're going to add our users to the sudo group. I've always found this a much cleaner method on Debian. To do this, open your terminal window, su to the root user, and issue the following command:
usermod -aG sudo USERNAME
Where USERNAME is the name of the user to be added.
Once the user logs out and logs back in, they will have full access to sudo. At this point, you no longer have to log into your Debian minimal server as root to get things done. Log in as a user who belongs to the sudo group and you'll have full admin rights to your server.
An important step
The last thing you want is to be logged into your Debian server as the root user. Don't do it. This is the very reason why sudo was created—to prevent administrators from logging in as root and find themselves possibly vulnerable to attacks. Install sudo, add users to that group, and forget about that root user, unless absolutely necessary. This is an important step in securing your Debian server.
- How to digitally sign a LibreOffice 6 document with GnuPG (TechRepublic)
- How to increase Linux security by disabling USB support (TechRepublic)
- How to fix the Docker and UFW security flaw (TechRepublic)
- How to install and use Let's Encrypt on a Ubuntu Server for SSL security (TechRepublic)
- How to harden Ubuntu Server 16.04 security in five steps (TechRepublic)
- How to manage user security in Samba (TechRepublic)
- Hackers are selling legitimate code-signing certificates to evade malware detection (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.