# How to authorize an user non root



## BSDAppentic3 (Apr 2, 2018)

I'm trying to install a desktop environment in one account that isn't root. But I can't. It says that the user doesn't appear in the "sudoers" file. Give me a moment and I'll give you the specific output.


----------



## unitrunker (Apr 3, 2018)

Use su(1) in place of sudo - or configure the user for sudo access. Another option is doas(1).


----------



## Deleted member 48958 (Apr 3, 2018)

It is possible to use su to execute commands as root,
for example `% su root -c 'pkg ins package'`
then enter root password, or edit sudoers file and add your user, or give access to the wheel group:
execute `% su root -c visudo`, then uncomment
	
	



```
%wheel ALL=(ALL) ALL
```
Save changes and add your user to the wheel group:
execute `% su root -c 'pw groupmod wheel -m [I]yourusername[/I]'` and relogin.
Voila, now you're able to use sudo with your user .


----------



## flipper_88 (Apr 3, 2018)

security/sudo should solve the original posters question.


----------



## Deleted member 48958 (Apr 3, 2018)

Chipper8827 said:


> security/sudo should solve the original posters question.


If


BSDAppentic3 said:


> It says that the user doesn't appear in the "sudoers"


then he already got security/sudo installed.
Because such output appears when user without access to sudo trying to execute `% sudo [I]something[/I]`.


----------



## Sensucht94 (Apr 3, 2018)

really, give security/doas a try; it's just better for desktop usage. Lightweight, clean, versatile, easy to use. If you still want sudo, do what ILUXA said, making sure your user has 'wheel' as primar login group (same command  as for the video group, but replace the capital `-G` with  a small `-g`)


----------



## giahung1997 (Apr 3, 2018)

Issue the command as root:

`ee /usr/etc/sudoers`

it should be on this directory or simply /etc/sudoers I don't remember, I'm not on a BSD system now.

Find the line `root ALL=(ALL) ALL` and add in the newline these thing:

`(your user name) ALL=(ALL) ALL` then save, relogin to your account and issue sudo(8) you should see the famous message.

Don't use vi/vim since it's evil for new user. Comment out to allow the user of wheel group or sudo group to use sudo doesn't work. I don't know why.


----------



## SirDice (Apr 3, 2018)

giahung1997 said:


> Issue the command as root:
> 
> `ee /usr/etc/sudoers`


Never edit this file directly, use visudo(8) to edit it.

(And it's the wrong file, it's /usr/local/etc/sudoers on FreeBSD)


----------



## Deleted member 30996 (Apr 3, 2018)

What is the advantage of using anything but `su` to issue commands as root?

I always make myself a member of the wheel and operator groups but have never used anything but `su`. I know I'm root and what I'm doing as root. When I'm done I log out to my user account.

I do know I was advised against it when talking about Solaris, but I don't see the advantage of security/sudo and have never even installed it.


----------



## bazooka07 (Apr 3, 2018)

Yes, use visudo and uncomment line about wheel group.
And add your user into the wheel group. Don't forget to logout / login


----------



## Deleted member 48958 (Apr 3, 2018)

Trihexagonal said:


> What is the advantage of using anything but  su to issue commands as root?



Personally I use sudo mostly because I want to use single zsh shell history file,
if you'll use su, then you login as root and you should use tcsh with another history,
but I like zsh more and I want to see all my actions when I execute `% history` (fc -l 1 in zsh).


----------



## SirDice (Apr 3, 2018)

Trihexagonal said:


> What is the advantage of using anything but `su` to issue commands as root?


You don't have to share root's password. With su(1) you have to enter root's password, with sudo(8) you enter _your_ password.


----------



## Deleted member 30996 (Apr 3, 2018)

Some things need to be done as root though. Not just the issuing of commands but working with files.

If I become root in the terminal then I can mount a USB stick, open a file manager from it and work with files.  I've always just worked in that environment as needed then logged out.


----------



## Deleted member 48958 (Apr 3, 2018)

Better configure device permissions with devfs, configure autofs,
and you'll be able to work with files on your flash drive as a regular user,
furthermore, your usb stick will be automounted when you'll connect it.
It is good idea to avoid root usage when it is possible to do the same things, but,
as a regular user.


----------



## Wozzeck.Live (Apr 3, 2018)

SirDice said:


> You don't have to share root's password. With su(1) you have to enter root's password, with sudo(8) you enter _your_ password.



Hum... personally I set sudo to ask for root password... and I never communicate the root password
I know this is the default behaviour of sudo, but I find a little strange and very useless to ask for a password the user in any case knows (his own password)... to grant him root's rights.

So per default, I set sudo to ask for root password, and I never communicate this password except for administrators. That's for saying  I forbide any "administrative" actions to not authorized people.

If I want to authorize some specific actions for a class of users I prefer to set a special "no password" permission on an application basis in the sudoers file. We can also in some case plays with SUID

Sudo is very useful in corporation where there are a lot of users (so not included in the wheel group), to authorize specific actions.
In a graphic remote desktop context as VNC, an administrator can unlock remotely some action taking control of the user's desktop because he knows the password.

But for most individuals like us who are also the administrators/creators of the machine... yes sudo is not very useful because WE usually log with a wheel account.

But anyway, for the majority of us who install a real desktop, Sudo is generally a mandatory dependency.

Trihexagonal doesn't use a desktop at all
He uses a standalone windows manager as fluxbox... this is the reason why the sudo package is not required in his context.

But the situation of Trihexgonal is a special case, not a general case.
For most of us , a standalone windows manager IS ABSOLUTELY NOT A DESKTOP

A real desktop is an environement bringing a mininum of  comfort and functionnalities as Gnome, KDE.... In such context, sudo is generally a required package.


----------



## Deleted member 30996 (Apr 3, 2018)

I specifically don't want my USB sticks to automount in case I want to use `dd`. As a user, you can look at the files on a mounted USB stick, and use graphics/gimp to access an image, but not make file changes or transfers.



Wozzeck.Live said:


> Hum... personally I set sudo to ask for root password... and I never communicate the root password
> I know this is the default behaviour of sudo, but I find that a little strange and very useless to ask for a password the user in any case knows (his own password)... to grant him root's rights



That's what I think and gave those poor TrueOS people grief about. Having to enter your own user password to become root doesn't make any sense to me. I set it up and am the only one with physical access.




Wozzeck.Live said:


> But the situation of Trihexgonal is a special case, not a general case.
> For most of us , a standalone windows manager IS ABSOLUTELY NOT A DESKTOP
> 
> A real desktop is an environement bringing a mininum of  comfort and functionnalities as Gnome, KDE.... In such context, sudo is generally a required package.



Oh, I wouldn't go that far.  

I tried Gnome and XFCE on Solaris, and while I liked the looks of Gnome2, I like things just the way they are now on my boxen.  

It's a configuration that maximizes my workspace and work style that I've refined over time and I always install the same limited number of programs. They are fully functional custom desktops with no added baggage.

Not some pre-rolled DE with programs somebody else thinks I need or want.


----------



## giahung1997 (Apr 3, 2018)

SirDice said:


> Never edit this file directly, use visudo(8) to edit it.
> 
> (And it's the wrong file, it's /usr/local/etc/sudoers on FreeBSD)


Thanks for the correct path. Uhm, since I don't know how to use vi, even when reading its manpage while editing I still can't. I have no way other than using ee.


----------



## SirDice (Apr 3, 2018)

giahung1997 said:


> Uhm, since I don't know how to use vi, even when reading its manpage while editing I still can't. I have no way other than using ee.


visudo(8) respects the `EDITOR` environment variable.


----------



## Deleted member 48958 (Apr 4, 2018)

SirDice said:


> visudo(8) respects the `EDITOR` environment variable.


BTW, It respects it only if you logged in as root, but if you try to run `% sudo visudo`,
sudo will ignore it, to make visudo respect $EDITOR when using sudo, one should use *-E* flag with sudo,
so `% sudo -E visudo` should be used, then visudo will use your $EDITOR.


----------



## Sensucht94 (Apr 4, 2018)

ILUXA said:


> BTW, It respects it only if you logged in as root, but if you try to run `% sudo visudo`,
> sudo will ignore it, to make visudo respect $EDITOR when using sudo, one should use *-E* flag with sudo,
> so `% sudo -E visudo` should be used, then visudo will use your $EDITOR.



or set the $EDITOR variable either  in /etc/csh.cshrc, or in /root/tcshrc if root's shell is default tcsh, 
or in /etc/profile if root's shell has been set to a Bourne-compliant one, or even use doas with `keepenv`


----------



## Deleted member 48958 (Apr 4, 2018)

Sensucht94 said:


> or set the $EDITOR variable either in /etc/csh.cshrc, or in /root/tcshrc if root's shell is default tcsh,
> or in /etc/profile if root's shell has been set to a Bourne-compliant one


It won't help with sudo, it'll work only when you'll use su,
while "keepenv" with doas should work ok, also it is possible
to add 
	
	



```
Defaults	env_keep += "EDITOR"
```
 to sudoers file.


----------



## BSDAppentic3 (Apr 5, 2018)

First of all, thank you all for your responses. I appreciate it.
Second it's that, since I literally, ruined my previous installation, I haven't the same confidence with this OS. That's why, I'm now prefer to install VirtualBox (in my case) and run a VM of FBSD.
Just in case I destroy the system.
So I'll try to get the latest version of this, create a VM, and then run whatever you have provide to me.
Just in case something goes wrong. I'm really new to this and trust me that I don't want to install the whole OS just because something it's malfunctioning.


----------



## rigoletto@ (Apr 5, 2018)

You almost never need to reinstall the system unless you do something really nasty with Kernel or Base, like recursively changing permissions or owner/groups of files in there.

For anything else done in /usr/local stuff (aka from packages and/or ports) you can always easily RESET the things if you need to go so far.

Just take care to backup any configuration file you want from /usr/local/etc first.

If the problem is related with configuration files from Base, mergemaster(8) can be used to reset them.


----------



## BSDAppentic3 (Apr 5, 2018)

lebarondemerde said:


> You almost never need to reinstall the system unless you do something really nasty with Kernel or Base, like recursively changing permissions or owner/groups of files in there.
> 
> For anything else done in /usr/local stuff (aka from packages and/or ports) you can always easily RESET the things if you need to go so far.
> 
> ...



That could be a possibility.


----------



## BSDAppentic3 (Apr 5, 2018)

lebarondemerde or who's gonna see this, I have a question, seeing all this of the SO.
What if I download: "manifest", "base-dbg", "base","doc","kernel-dbg","kernel","ports","src", and finally "tests". Then I "unify" (sorry, I don't even know if you can understand what I mean, if this is possible, or if it already exists) all these in a unique file, so doing that, I'm getting the whole system?
It's something that suddenly came to my mind.
That would not be a whole system?


----------



## unitrunker (Apr 7, 2018)

BSDAppentic3 said:


> That would not be a whole system?


It would take lots of work. Your editor must be robust enough to edit a very very large source file. Compile times would be long. Editing one line requires rebuilding everything. The compiler and/or linker might run out of memory and crash.
You would still need to compile and line loadable kernel modules separately. Ditto for user libraries.


----------



## fernandel (Apr 8, 2018)

Trihexagonal said:


> What is the advantage of using anything but `su` to issue commands as root?
> 
> I always make myself a member of the wheel and operator groups but have never used anything but `su`. I know I'm root and what I'm doing as root. When I'm done I log out to my user account.
> 
> I do know I was advised against it when talking about Solaris, but I don't see the advantage of security/sudo and have never even installed it.


I did the same all the time too . Today I installed security/doas I will try how it works...


----------

