sudo and cloud images

[Gonéri Le Bouder]

Hi,

I maintain a pet-project where I provide FreeBSD images with Cloud-Init. I've been doing this for a couple years and I'm happy to see this is something FreeBSD support natively now. I like the nuageinit approach, is simple and straightforward.

I'm testing the FreeBSD 15 cloud image and sudo is not installed by default, which is a decision I understand. What is the "correct" way to get root privileges? Do you use a user_data file to set a root password, and just use "su"? If so, what the point of the password, it sounds like some extra complexity.

Regards,

-- 

       Gonéri Le Bouder

[Eduardo Lemos de Sa]

Dear Generi

Eduardo Lemos de Sa
Professor Titular
Dep. Quimica da Universidade Federal do Paraná
fone: +55(41)3361-3300
fax:   +55(41)3361-3186

I install sudo using pkg install sudo (check the sudo version) ou using porta (security/sudo).

After installed It, it need tô edit /usr/local/etc/ sudoers aiming to set which users can run sudo (search by root user settings and copy copy the LINE).

Best regatas

Eduardo 

[Gonéri Le Bouder]

Thank you Eduardo,

So, you log-in the VM and use su to become root. You need the root password for that. This is the part that confuses me because the user_data file becomes mandatory to set the root password, which is a bit counter intuitive.

[Jesús Daniel Colmenares Oviedo]

Hi,

You must install sudo if you want to use it. The same applies to doas.
Use 'packages' for this.

I think we should clarify this in the man page and add sudo in the example.

[Eduardo Lemos de Sa]

Dear Genéri

I think I was not very clear:

1) First, as root (it means, using "su"), you need install sudo (as package or port)

2) Again, as root (it means, using "su") you must edit /usr/local/etc/sudoers (if using vim/vi, you must save the files forcely, I mean, wq! in the end)  adding which users can be sudo

3) As a user included in sudoers file, you can type any command, like, sudo mkdir /usr/local/etc/test: system will ask the password for the user (not more as root). In the first time, you (as user) must agree with terms)

I think now, I was more didatic.

Best wishes

Eduardo

Best regatas

Eduardo 

Regards,

-- 

       Gonéri Le Bouder

--

[Gonéri Le Bouder]

Yes, and I need to be root to install it, which is a bit of a chicken egg situation.

[Eduardo Lemos de Sa]

Dear Genéri

Yes, certainly is a egg/chicken problem. But in all operational systems, you need to be root to installed and to create first users. Thus, root is the only one that can determine which users can acted as administrators.

Sudo is a way to avoid become root to perform every task,

[Jesús Daniel Colmenares Oviedo]

No, if you specify 'sudo' in the 'packages' field of your 'user_data',
it will be installed. When you specify to use sudo in the user created
by nuageinit, it will be added to the sudoers file. The same applies
with doas, but using doas.conf.

[Gonéri Le Bouder]

>>> I think we should clarify this in the man page and add sudo in the example.
> No, if you specify 'sudo' in the 'packages' field of your 'user_data',
> it will be installed. When you specify to use sudo in the user created
> by nuageinit, it will be added to the sudoers file. The same applies
> with doas, but using doas.conf.

Yes, you're right, even if this unfortunately still forces the user to also prepare a user_data file.

https://github.com/freebsd/freebsd-src/pull/1944