The file /etc/sudoers
is pre-configured to grant permissions to all members of the group admin
:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
The admin
group should first be created:
addgroup admin
Use the usermod
command to add a user to the admin
-group.
An alternative way of granting permissions to a user is by explicitly adding this user to /etc/sudoers
:
# User privilege specification
root ALL=(ALL:ALL) ALL
{USER} ALL=(ALL:ALL) ALL
After you have added the user to the sudo-list, it is time to disable remote login for the root user. Disable root SSH
access by editing /etc/ssh/sshd_config
to contain:
PermitRootLogin no
and restart the SSH service:
service ssh restart
Important: Open a new terminal, login as a non-root user and make sure you still have all sudo-rights! If everything is working fine, it is safe to exit all your sessions.