Sudo, configuring

From FreeBSDwiki
Revision as of 01:11, 14 September 2004 by Dave (Talk | contribs)

First, install sudo. su to root and go to /usr/ports and then find out where the port is:

[dave]@deus ~ % sudo
-bash: sudo: command not found
[dave]@deus ~ % su -
Password:
[root]@deus ~ # cd /usr/ports && make search name=sudo
Port:   sudo-1.6.7.5
Path:   /usr/ports/security/sudo
Info:   Allow others to run commands as root
Maint:  mharo@FreeBSD.org
B-deps:
R-deps:
[root]@deus /usr/ports # cd security/sudo
[root]@deus /usr/ports/security/sudo # make install clean

Once it's installed, you'll need to run visudo, since there's no other way to edit /etc/sudoers (well, you can use another editor, but it just won't work).

Note that visudo doesn't actually call the vi editor, just your default editor; if that happens to be vi then it will come up. Otherwise, your regular editor will come up.

/etc/sudoers has one entry in it:

root ALL=(ALL) ALL

That line doesn't really explain what those ALLs mean in context, so a lot of folks will set up sudoers to give ALL=(ALL) ALL to every user they add. That's nice, but you're giving all of root's power away. You might as well give users the root password and save them the hassle of using sudo at all.

The explanation:

sudo-user machine=(effective user rights) command

So, if I want to give Jimbo root access on my server, Pete root access on my laptop, and Light access only to shutdown on all my machines, my sudoers would look like:

root  ALL=(ALL) ALL
jimbo samizdata.mydomain.tld=(ALL) ALL
peet  deus=(ALL) ALL
light ALL=(ALL) /sbin/shutdown
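
An added example (not part of the original wiki page): a small Python sketch that parses simple entries in the "user host=(runas) command" layout explained above, lists who holds full root on which host, and answers "may this user run this command here?". The function names, the exact-match host model and the constructed sample text are assumptions for illustration; aliases, tags and wildcards in real sudoers files are not handled.

```python
import re

# One simple user specification: user host=(runas) command[, command...]
SPEC = re.compile(r'^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*'
                  r'(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$')

# Constructed sample using the users and hosts from the text above.
SAMPLE = """\
# sample sudoers entries
root  ALL=(ALL) ALL
jimbo samizdata.mydomain.tld=(ALL) ALL
peet  deus=(ALL) ALL
light ALL=(ALL) /sbin/shutdown
"""

def parse_sudoers(text):
    """Parse simple entries; skips comments, Defaults and *_Alias lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()      # simplified comment handling
        first = line.split(None, 1)[0] if line else ''
        if not line or first == 'Defaults' or first.endswith('_Alias'):
            continue
        m = SPEC.match(line)
        if m is None:
            raise ValueError(f"unrecognised sudoers line: {raw!r}")
        entries.append({
            'user': m['user'],
            'host': m['host'],
            'runas': m['runas'] or 'root',       # sudo runs as root if omitted
            'cmds': [c.strip() for c in m['cmds'].split(',')],
        })
    return entries

def full_root_grants(entries):
    """(user, host) pairs that may run ALL commands: the grants worth reviewing."""
    return sorted((e['user'], e['host']) for e in entries if 'ALL' in e['cmds'])

def may_run(entries, user, host, command):
    """True if an entry lets `user` run `command` on `host` (exact-match model)."""
    return any(e['user'] == user
               and e['host'] in ('ALL', host)
               and ('ALL' in e['cmds'] or command in e['cmds'])
               for e in entries)

if __name__ == '__main__':
    rules = parse_sudoers(SAMPLE)
    for user, host in full_root_grants(rules):
        print(f"{user}: every command on host {host}")
```

Run against a copy of a sudoers file, any user other than root that appears in the output deserves a second look.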

Using Aliases to make life easier

You can make groups within the sudoers file so that you don't have to type more than you need to. Follow this format:
