# How to leave a user non-root to use sudo



## BSDAppentic3 (Apr 23, 2018)

"I must give permissions to my account that isn't root. What should I do?"
There are tutorials that explain it very well. It is something very basic.
So, let's begin: firstly, you must edit the  /usr/local/etc/sudoers  using 
	
	



```
nano
```
Add this line: 
	
	



```
user_name ALL=(ALL) ALL
```
 : here "user_name" it's the name of the other account. Replace it by the name of your user non-root.
Press Ctrl+x and save the changes.
Now, go to the login shell. Log with your name and password of your other account.
Type sudo and see what happens.
Bye.
Edit: In case that you don't know how to open a tty, just press ctrl+alt+f2. There you can login.
Edit2: Don't make this unless you understand the risks.


----------



## SirDice (Apr 23, 2018)

Don't edit /usr/local/etc/sudoers by hand, use visudo(8). The command respects the EDITOR environment variable. The reason is that visudo(8) does a proper syntax check before applying your changes, so you can never create a broken configuration. It's also safe to use in case more than one person decides to edit sudoers at the same time.


----------



## BSDAppentic3 (Apr 23, 2018)

SirDice said:


> Don't edit /usr/local/etc/sudoers by hand, use visudo(8). The command respects the EDITOR environment variable. The reason is that visudo(8) does a proper syntax check before applying your changes, so you can never create a broken configuration. It's also safe to use in case more than one person decides to edit sudoers at the same time.



I should advice that this it's only for who that accept the risks.
Of course I already know the method that you are talking about, but I fight every time to try to save the changes inside that editor.
I prefer nano, so if you could tell me a method in which I can use that (or ee), I'll be really glad.


----------



## SirDice (Apr 23, 2018)

In your shell startup set EDITOR to nano(1). Now visudo(8) will open nano(1) instead of vi(1). Lots of tools will respect the EDITOR environment variable.


----------



## Minbari (Apr 23, 2018)

If the user it's a member of wheel group you just need to uncomment the following line:

```
%wheel ALL=(ALL) ALL
```
otherwise you need to grant that user root privileges.


----------



## BSDAppentic3 (Apr 23, 2018)

Minbari said:


> If the user it's a member of wheel group you just need to uncomment the following line:
> 
> ```
> %wheel ALL=(ALL) ALL
> ...


Why? Why only doing that? But I'm not giving permissions of root to the another account following this.
Which is best? That the user have root access, or the method about which you wrote?


----------



## Minbari (Apr 23, 2018)

BSDAppentic3 said:


> Why? Why only doing that? But I'm not giving permissions of root to the another account following this.
> Which is best? That the user have root access, or the method about which you wrote?



Adding a user in /usr/local/etc/sudoers you are giving them root privileges.

(e.g. user_name ALL=(ALL) ALL)

and that's a problem because having a user with root privileges it's a risc situation. So if you use the method I recommended you only grant that user or group the ability to run some or all commands as root for a limited period of time (5 minutes).
More about sudo/sudoers here.


----------



## BSDAppentic3 (Apr 26, 2018)

Minbari Sorry but I can't give access to my other account following your method.
It says that the user isn't in the sudoers file.


----------



## ShelLuser (Apr 26, 2018)

So make sure they're actually in the wheel group. Either check using `id` (optionally with a username as parameter) or `pw groupshow wheel`.


----------



## sko (Apr 26, 2018)

If you don't have any program/package that requires sudo, I'd highly recommend using doas(1).
It is much cleaner and safer than sudo, e.g. it doesn't allow passwords from stdin via pipes/redirection...


----------



## Minbari (Apr 26, 2018)

My previous statement was correct, you just ignore it and use only the command.


Minbari said:


> If the user it's a member of *wheel group* you just need to uncomment the following line:
> 
> ```
> %wheel ALL=(ALL) ALL
> ...


----------



## BSDAppentic3 (May 2, 2018)

Minbari Okay. Now I hadn't xorg, for some reason, when I type startx, it says "unknown command". I think that it was someone that has access to my equipment, or some virus, and like my system has root access, the virus/hacker can do it. It can be paranoia? Perhaps. But I know that there're some kind of viruses that can do this (even when they have root access, although, it is not necessary in a few cases).
I follow your method, but as a I'm an incompetent using vi, I opted for use nano.


----------



## Minbari (May 2, 2018)

BSDAppentic3 said:


> Minbari Okay. Now I hadn't xorg, for some reason, when I type startx, it says "unknown command". I think that it was someone that has access to my equipment, or some virus, and like my system has root access, the virus/hacker can do it. It can be paranoia? Perhaps. But I know that there're some kind of viruses that can do this (even when they have root access, although, it is not necessary in a few cases).


Or you just delete it form mistake?



BSDAppentic3 said:


> I follow your method, but as a I'm an incompetent using vi, I opted for use nano.


You don't have to use vi/vim, nano () it's fine just add nano to your shell rc file (.cshrc/.zshrc/.bashrc).. e.g:

```
export EDITOR=nano
```


----------



## BSDAppentic3 (May 2, 2018)

Minbari said:


> Or you just delete it form mistake?


Are you serious dude? Why the h3ck should I delete Xorg? It works fine.
At least that I have uninstalled it uninstalling another program. But still...it is very strange...


----------

