Add, Delete, and Grant Sudo Privileges to Users on a FreeBSD Server

How can I set up and grant sudo privileges to users on a FreeBSD VPS or server?

The sudo command lets you delegate a small, limited amount of power to users other than the root user. It is a good tool when you have many users, want to log everything they do with elevated privileges, and are granting only certain privileges. Unless a target user is specified, sudo escalates the privilege to root.

In this quick tutorial I will show you:

  1. How to create a new user on a FreeBSD server.
  2. How to give users access to the sudo command.
  3. How to remove users' access to the sudo command.

Install the sudo app on a FreeBSD server/VPS

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. You can install sudo from the ports collection, type:
# cd /usr/ports/security/sudo/ && make install clean
Or as a binary package, enter:
# pkg install security/sudo

Adding a new user on FreeBSD

The recommended command-line application for adding new users is called adduser. Just type the following command and it will walk you through the steps for creating a new user account on a FreeBSD VPS or server:
# adduser

Grant users administrative privileges on FreeBSD

The configuration file is located in /etc/sudoers or /usr/local/etc/sudoers and is read-only by default. The visudo command can be used to easily modify the sudoers configuration file; it locks the file while you edit and checks the syntax before saving.

To add a username to sudoers

$ su -
# visudo

Append the following line and exit from a text editor:

This will allow the user alice to issue the sudo command and become root. It will first ask for her password. To skip the password prompt when the sudo command is issued, change the line to:

If you want alice to only have sudo privileges on one server in a network and restrict her to the /bin/ls command as user, you would add the following:
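
The sudoers entries that the three paragraphs above describe, written out as an added example (not text from the original page). The host name web01 and the run-as user www are assumptions chosen for illustration.

```sudoers
# Added example, not from the original page. Edit with visudo, then check
# the result as root with:  visudo -c   and   sudo -l -U alice
# Use ONE of the alice entries below; they are alternatives, not a set.
# Format:  user  host = (run-as user)  [tag:] command[, command ...]

# 1. Full access: alice may run any command as any user on any host.
#    sudo asks for alice's own password first.
alice   ALL=(ALL) ALL

# 2. Same access without the password prompt. Anyone who obtains a shell
#    as alice is then effectively root, so limit this to accounts that
#    really need unattended sudo.
alice   ALL=(ALL) NOPASSWD: ALL

# 3. Restricted: only on the host named web01 (constructed name), only the
#    /bin/ls command, and only as the user www (assumed run-as user).
#    The host field is compared with the machine's own hostname, so it
#    matters when one sudoers file is shared by several machines.
alice   web01=(www) /bin/ls

# When several entries match the same command, sudo uses the last match.
# A broad rule placed after a narrow one overrides it, so keep restricted
# entries below any general ones.
```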

Every use of sudo gets logged in the /var/log/messages file.

A sudo user can escalate to root by using the sudo command:

OR

Or, to execute a command as root:

Or, to execute a command as another user:

Remove a username from sudoers

To remove the privileges, take the user out of the sudoers configuration file, i.e. delete the following line from the config file by running the visudo command:

OR

To completely remove a user (say alice) from the system, run rmuser as the superuser:
# rmuser alice
For more usage patterns, see the man pages: sudo(8), sudoers(5), visudo(8)