-1

I've been advised by AWS documentation not to access the server as root but create a new user, and do so without a password using this flag:

--disabled-password

I now need to run a sudo command to install nginx.

  1. How can I run a sudo command? It keeps asking for a password, for which none is set. Every time I need to use a sudo command, do I need to log in as the root user?

  2. If I allow the new user account to have sudo access - does this not remove the entire point of having a separate account from the root for security reasons?

panthro

2 Answers

2

The file /etc/sudoers lists all users with root access. You probably have a line like this either in the file itself or in any file in the /etc/sudoers.d directory:

username ALL=(ALL) ALL

Instead of ALL, there might be some restrictions, for example the last ALL replaced with a /usr/bin/apt-get or similar so that you can only execute this command via sudo. The file itself is well documented.

To make the user execute sudo commands without having a password, simply add a NOPASSWD to the line:

username ALL=(ALL) NOPASSWD: ALL

And yes, this is safer than just accessing the root user via ssh. Generally, never log in as root and never log in with a password via ssh but use public-key authentication. For more info, have a look at this answer: Why is root login via SSH so bad that everyone advises to disable it?

msrd0
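
An added example, not part of the original answer: a small Python audit that reads sudoers-style text and reports, for each grant, whether the command list is unrestricted and whether NOPASSWD applies, the two properties the answer above distinguishes. It assumes simple one-line user specifications without alias expansion; the sample file, its account names and the systemctl entry are constructed.

```python
import re

# User specification of the shape shown in the answer:
#   who  hosts = (runas)  [TAG: ...]  command[, command ...]
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)
# Non-grant lines: comments, defaults, alias definitions, includes.
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias",
        "Cmnd_Alias", "@include")


def audit_sudoers(text):
    """Return one (who, scope, passwordless, commands) tuple per grant."""
    findings = []
    # Join backslash-continued lines before parsing.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = SPEC.match(line)
        if not m:
            continue  # not a simple one-spec line; out of scope here
        tags = set(re.findall(r"[A-Z_]+", m["tags"]))
        cmds = [c.strip() for c in m["cmds"].split(",")]
        scope = "unrestricted" if "ALL" in cmds else "restricted"
        findings.append((m["who"], scope, "NOPASSWD" in tags, cmds))
    return findings


# Constructed sample; the account names are placeholders.
SAMPLE = """\
# constructed example file
Defaults env_reset
alice ALL=(ALL) ALL
bob ALL=(ALL) NOPASSWD: ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/apt-get, \\
    /usr/bin/systemctl reload nginx
%admin ALL=(ALL:ALL) ALL
"""

if __name__ == "__main__":
    for who, scope, passwordless, cmds in audit_sudoers(SAMPLE):
        auth = "no password" if passwordless else "password required"
        print(f"{who:8} {scope:12} {auth:17} {', '.join(cmds)}")
```

To audit a real host, pass the function the concatenated contents of /etc/sudoers and the files under /etc/sudoers.d, read as root.
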
1

AWS gives sudo access to the default user irrespective of which Linux distro you use. For example, an Ubuntu instance will have the default user ubuntu, the Amazon Linux distro will have the default user ec2-user, and CentOS/Redhat will have the default user root/ec2_user.

All you need is the right command to use for installation. Below are the commands for installation as default user.

  1. Ubuntu -->> sudo apt-get install nginx
  2. Amazon Linux -->> sudo yum install -y nginx
  3. CentOS/Redhat -->> sudo yum install -y nginx

You can add a new user using the useradd command. It's pretty simple; however, you'd need to generate an RSA keypair for that user and add it to the .ssh/authorized_keys file in the user's home directory on the remote host.

For sudo privileges you need to add your user to the /etc/sudoers file. The entry should look like below.

username ALL=(ALL) ALL

But to edit the /etc/sudoers file you need to be either the default user or the root user. Here is what you should do: log in as the default user and edit the file using the following command: sudo nano /etc/sudoers

Shailesh Sutar
  • Yes, I've generated a new user. My question refers to how I can allow that user to perform sudo commands. – panthro Oct 09 '16 at 16:28