Add User To The ‘sudoers’ Group

Today we’ll have a pretty straightforward article that’s meant for those who want to add a user to the ‘sudoers’ group. I have tested this in Ubuntu, specifically in Lubuntu, and it works. It shouldn’t be a complicated article, one easy enough for anyone to follow.

I am not 100% certain if this will work in other distros, so comment and let me know if it works with others. It should work in Debian, the official Ubuntu flavors, Mint, POP!_OS, ElementaryOS, and more. That much I’m pretty confident of, but I’ve done limited testing.

This article is going to assume you’re using ‘nano’ as your default text editor. That’s important for this, otherwise, you’ll need to change the directions to match your text editor of choice.

Let’s Install Nano (With Some Bonus Information)

We’ll be using a tool known as ‘visudo’. The man page defines it as:

visudo — edit the sudoers file

It’s important to use visudo to edit the sudoers file because it checks for errors and will prevent you from making syntax errors. It can’t correct bad information, but it can prevent you from making some basic mistakes.

What is the ‘sudoers’ file? 

Well, simply put, that’s the file that decides who has the rights to access sudo, and what rights they have to do so. A sudo user has administrative privileges, that is the ability to edit files that can’t be edited by a regular user. The sudo users can do things like change system files, change system settings, and add or remove software. They’re administrators (though you technically can give them limited rights, which is a topic for another article) so to speak.

So, What Is ‘sudo’ Anyhow?

You should make good choices when deciding which accounts have sudo access. They, at least by default, have the keys to the kingdom. A user with sudo access has complete control over the system. This isn’t always a good thing.

Many distros, including Ubuntu, use sudo instead of a root account. Root also has the keys to the kingdom. It’s a good way to view sudo as temporarily elevating the user’s rights to that of the root user. It should be obvious why this is beneficial.

Most of us don’t want our account to have root access all the time because it stops us from editing files we might not want to access – and the software we use also only has our regular user’s limited access to the system. Some folks are into running as root, and some distros have root enabled by default. The great thing about Linux is the choices available, including choices about security.

How To: Enable The Root Account in Ubuntu
How To: Graphically Login as Root in Ubuntu

(It’s generally suggested you not follow the directions given at those two URLs, but I’m a big fan of choice and of sharing information. So, you can do what you want. I do ask that you be careful and be a good netizen.)

That’s what we’ll be doing today. We’ll be learning how to add a user to the ‘sudoers’ group (file I suppose). Those user accounts will then have sudo access, the keys to the kingdom. There are a ton of valid reasons for doing this, and some not-so-good reasons. It’s your device. You do you!

Add A User To The ‘sudoers’ Group:

Yes, this article requires a terminal. I don’t know of a GUI way to accomplish this task. I’m sure there is one, but I don’t know. If you know of one, feel free to add a comment. Otherwise, press CTRL + ALT + T and your terminal should pop open.

With your terminal now open, you can easily just run the following command:

Of course, that’s the easy way…

If you want, you can manually edit the sudoers file. You’ll want to know how to do this if you only want to give the user elevated permissions to certain directories or files. So, I’ll include that. We can use this article as a reference article for a future article.

To manually edit the sudoers file,  you just run the following command:

You’ll then add the following line at the bottom of the file:

Replace the obvious with the obvious, as always. Be extra careful to avoid typographical errors. Then, you’ll save the file. As we’re using nano, the process to save the file is pressing CTRL + X, then Y, and then ENTER – and that should save the file. Congrats, you now know how to add a user to the ‘sudoers’ file.

Closure:

Well, it’s another article. As I mentioned, there are legitimate reasons to add a user to the sudoers file. There are also legitimate reasons for not doing so. It depends on you and your circumstances – and your computing goals are your own. This is Linux. We can do what we want!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Guest Article: Kickstart Vol. III

Today is the third guest article in a row, and is one more article about Kickstart. There will be more Kickstart articles, but we’ll release those in time. This is the third one in a row, so we’ll try to mix it up a bit.

By now, we should all have at least a little familiarity with Kickstart. Frankly, I’ve still not had a chance to use it – but it does seem like it’d be fun to play around with it. If I were an admin of anything major, I’d definitely look to Kickstart as a solution. Again, if you read this on day one, be sure to check back later as the author may suggest some edits.

See the previous articles here:

Guest Article: Kickstart Vol. I
Guest Article: Kickstart Vol. II

Kickstart Vol. III

Now we need to create a menu for your Kickstart, so you can select which OS you want to install.

Now edit a new file named grub.cfg. It must be named grub.cfg. Here is an example of what it should look like.

The set-default lets you pick which is the default install, it starts at zero, so the options here would be 0, 1 and 2.

Note the IP address of my Kickstart server is here, the path to my extracted iso directory is here, and the location of my boot kernels is here.You can change all of these to fit your needs.

Now we need the actual anaconda-kickstart.cfg files, this is what actually does all the work.The location of these, is set in the grub.cfg file above. You will want these to be in the extracted iso directory, but not in the “dvd” sub-directory.

Here is an example of what one of these would look like. This one is fairly basic.

Again you see the IP address of my kickstart server here, you see the location of my extracted iso files here.Now there are a few things you will need to know in advance.

What I typically do, is install the OS from a USB the first time.In the case of fedora/redhat/CentOS there will be a file at /root/anaconda.cfg. You can copy this file as a starting template for your kickstart of this OS.

(Yes I am re-naming the file here.)

Also you will need the password has strings for your users.

(Or whatever user name you use.)

You will need to know the name of the LAN interface, and you will need to know the size of your hard, and how big the partitions should be.All of these things will be in your anaconda.cfg file

Now change and edit a few things in your fed35srv/fed35.cfg file now.

Change the graphical install to..testskipx This uses a cli interface, not a GUI when installing.

Change the url line to the location of your extracted iso directory in your web server. Note you don’t put the full path, only the path from your webroot.

I like to turn off seLinux, but you can delete that line if you like.

Change your timezone to whatever is appropriate for you.

Using the two example user lines above (those aren’t real hashes, I just typed a bunch of random characters to simulate what it looks like). Edit the user lines to be whatever your values are.

That’s it, you’re don! Now boot your test computer on the kickstart network. A Kickstart menu should appear. Select the appropriate OS.

I’ve found this usually works best with a few settings on the test computer. CSM should be disabled. Network stack should be enabled. Some UEFI settings let you pick PXEboot IPv4 as a boot option. This is preferred. I’ve found it works best with a freshly formatted hard-drive, that way it doesn’t try to boot into the installed OS.

Good luck!

Closure:

And there you have it! You have a guest article, from dos2unix, about Kickstart. There are now three of them and there are a couple of others sitting in the potential queue. We’ll get to them. These few days off have been a very welcomed respite!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Guest Article: Kickstart Vol. II

Today’s guest article is a continuation of the Kickstart theme. The first Kickstart article can be found here. Thanks goes out to dos2unix from the Linux.org forums.

I should mention again that I don’t actually know anything about Kickstart, other than what I’ve read in these articles. I’m extremely grateful, but you may want to check back a few times to ensure all the editing is complete!

Kickstart Vol. II:

Now that we have your web server, dhcp, and tftp server configured, we will need to enable the firewall for them.

On Fedora it looks like this:

Now we need to extract the iso files you have handy (you did already download these, right?) I should have mentioned you will need the “server” version of these iso’s. There is a way to make the workstation iso’s work, but that’s for another more advanced article.

For the example here, I put everything in: 

When that gets done copying, we can add another OS’s iso if you like:

If you have more iso’s repeat the same for CentOS or Redhat or whatever you have.

Again, when it gets done copying, simply umount the iso image. I confess, I’m something of a minimalist. I like short names like pub/fed35srv. If you like long names you could have something like /public/fedora35-server/x86_64/ I’m too lazy to type all of that in all my config files.

Now we will install the boot kernels. This isn’t actually the full kernel yet, just a lite kernel with enough parts to boot the system from the network.

Just about all computers have one of two types of internal configuration systems. Legacy BIOS and UEFI. Most newer computers in the last 8 years or so,are UEFI, but there are still plenty of Legacy BIOS systems around. For the purpose of this article we will set-up for both types.

In your /var/lib/tftpboot directory, we will make two directories. One for BIOS and one for UEFI.

Technically you could rename the efi directory to something else, but the pxelinux for legacy BIOS systems is hardcoded in some files.

Now you will need to download a couple of files. I recommend using the Fedora 35 version, even if you are going to be installing Redhat or CentOS. They are newer, have more features, bug fixes, and support more hardware.

But you can use the CentOS or Rehat versions if you want to. Shim-x64, grub2-efi-x86, and grub2-efi-x64-modules. We will need to extract these rpms. You can do this in /tmp or somewhere safe.

If it says this is already installed, replace install with reinstall. These are the efi files you will need for efi based systems.

This will create 3 directies in /tmp.

You can delete these directories in /tmp if you like, you are done with them. Make sure you don’t put a leading / and actually delete /usr and /etc.

The next part depends on what iso’s you have downloaded and extracted. But hopefully you will get the idea.I am using Fedora 32, Fedora 35, and Redhat 9 as my examples. You can use whatever directory names you like.

That’s enough for this article, will add next part later.

Closure:

And there you have it, another article and this one is a guest article – just like yesterday and probably just like tomorrow. I’m extremely grateful for the respite and wish I knew more about Kickstart. I think, for future reference, I’m gonna ask that folks register and write the draft here. I think it’d streamline it.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Guest Article: Kickstart Vol. I

This is an article about Kickstart written by guest author, dos2unix from the Linux.org Forum. It’s the first of a few articles from them, so let’s give them a warm welcome and enjoy their article!

Kickstart Vol. I

Kickstart is really Redhat/CentOS/Fedora-centric. There are some attempts for parts of this work on Ubuntu and SuSE, but so far there is really little support for this. Kickstart does a lot of the mundane work for you. It sets up the filesystems for you, you control this size and format of them. It creates user accounts for you, sets up your network for you, and installs the packages you want to be installed (or not installed). You can even run a shell script automatically when everything is done.

Now if you only have one computer, and you only install the OS once a year, this isn’t going to save you much time. However if you have quite a few computers, for example a data-center with dozens or hundreds of servers. Or even a few test systems that have to be rebuilt every day or every few days. Then this can save you a lot of time.

The Kickstart computer itself doesn’t have to be anything fancy. In fact, it doesn’t even have to run one of Redhat type OS’s listed above. It can be Debian, Ubuntu, or whatever you like. It’s best if it has two LAN (Ethernet) interfaces. Most computers cannot be Kickstarted over WiFi yet. You can use a single network interface, but it makes things a little more difficult. If you have a lot of computers to Kickstart, I recommend that you get a small un-managed switch. 5 or 8 ports should be plenty, unless you’re at a data-center.I have worked in data-centers, but now I work at a place that writes software, and we test it over and over again, so I have to “rebuild” the OS sometimes several times a day.

Obviously you’ll need a computer to do this. If possible you’ll want a second computer to test on. One that will be the computer that’s being “Kickstarted”. You’ll need about 20 GB of free space on your Kickstart server to install .ISO images of the OS(es) you want to install.

Your Kickstart server will need three items installed. There are multiple ways to do this. We will discuss a couple of the most common ones. Perhaps a follow-up article will offer more options if there is enough interest.

First you need a web server like Apache httpd, or NGINX, you could even use the simple Python web-server, it doesn’t matter that much.

Second you’ll need a DHCP server, again you could use either BIND or dnsmasq, we will discuss both ways. Finally you’ll need a tftp server. If you use dnsmasq,it has a tftp server of sorts built-in.

It’s beyond the scope of this article to teach you how to install these items, it is assumed you already know how to install software.Note that this will have to be on a different network that your normal home/work/datacenter network.

You don’t want Kickstart erasing, wiping out, and re-installing the OS’s on your every day driver. This is why I recommend one with two interfaces. Otherwise, you’ll have to re-configure your network to download packages, install updates,and add more packages if necessary, and then re-configure it back to your Kickstart network. That gets old in a hurry, trust me.

I’m using Fedora as my Kickstart server. I currently have configurations to install Redhat 8, Redhat 9, CentOS 8, Fedora 33, Fedora 34, and Fedora 35. I install all of these on 3 different computer hardware types. You don’t have to install the same OS that your Kickstart server is running. For this first example, I’m going to use NGINX as my web server, dhcpd (BIND) as my DHCP server, and tftp-server, as well… My tftp server. My Kickstart has two LAN interfaces, it doesn’t really matter too much how you have the first interface configured.

Again, it’s beyond the scope of this article to tell you how to configure your network interfaces, it is assumed you already know how to do this. You’ll want a static IP on your second interface.A gateway isn’t required, for this article, we can just 192.168.7.227, try to pick something obscure that no one else will use in the environment you are in. I will go ahead a use a /24 subnet or 255.255.255.0 for those who aren’t familiar with CIDR subnet masks.

Remember this IP address, it will be used in quite a configuration files. Again you can use any IP you like,but remember what it is, because you’ll need it several times.

So for Fedora, it’s a simple dnf install -y nginx dhcpd-server tftp-server, other OS’es may vary.

Once they are installed we will need to configure them.

The first one here is NGINX. On most Linux’s I have used, the nginx.conf file is located in /etc/nginx/nginx.conf. You have a “server section” in this file.It’ll say server with a { after it. Replace the contents of your server section with the content below. This assumes your web content will be at /usr/share/nginx/html you can adjust this accordingly. This will be where your extracted .iso images will live. So make sure you have space here (or do a soft link to another directory that has space). You can use SSL/HTTPS, but again that’s beyond the scope of this article.

I also recommend adding these two lines, below your access_log section. The other lines will likely already be there.

access_log /var/log/nginx/access.log main;

Now enable and start your web server. For Fedora it’s 
systemctl enable nginx
systemctl start nginx

Now we need to configure your DHCP server. For BIND (dhcpd) the conf file is usually located at /etc/dhcp/dhcpd.conf (not to be confused with dhcpd6.conf )

Just mv the dhcpd.conf to something like dhcpd.conf-original or whatever you like, just make sure it doesn’t end with “.conf”. Now make a new files and copy the following to it.

I’m using the entire 192.168.7.x subnet here. The IP address of my Kickstart server is 192.168.7.227.Edit this file and replace the values of your server/network accordingly. The range tells my DHCP server to only give out IP addresses between 10 and 120.

Now you may be wondering about that last line, what is the “next-server” and why does it have the same IP address as my Kickstart/DHCP server? The “next server” after I receive a DHCP address is the tftp server, it’s located at the same IP address. You could run it on a different server, but most people run it on the same server.

Again just like NGINX, let us enable and start the service.
systemctl enable dhcpdsystemctl start dhcpd

For the tftp server, you really don’t have to do much, by default tftp wants tftpboot to be at /var/lib , so…

Note this is a listening socket, not really a server per se.If you want to make sure that your tftp server if pointing to /var/lib/tftpboot you can run..
systemctl cat tftp.service

You should see a line like this somewhere:

ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot

I would recommend not changing this, as several configuration files will like in this directory.

Closure:

Honestly, I edited the above the best that I could – given that I know nothing about the subject. I appreciate the articles, but it means trusting dos2unix – and I’m perfectly willing to do that. If you have any questions, you can post them here or you can post them on the linux.org forum where I share this article (as that’s where dos2unix lives).

Either way, stay tuned – as this is just the first part of a series of articles handily written on this subject. I, for one, am going to probably use the break to get a few articles ahead so that the new year starts off right.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.