Sudo is a very useful application. It allows a regular user to perform tasks only reserved to the root account. There is lots of documentation about sudo and there is even a book about it called “Sudo Mastery”. If you need to investigate deep on this, buy it.
Why do you need this? Well… Everyone who has had any contact with computers in the western world has used Microsoft Windows. Whatever the version. And many, many, way too many people is using the Administrator account badly. And Microsoft has done very little (almost nothing) to prevent this. This has changed with Windows 10. Thirty years later. Yeah… An Administrator account is the account to perform system maintenance, install software, and so on. If you want to surf the web, use a word processing program, a spreadsheet, a sophisticated draw program, etc you just need a regular user account.
The Administrator account is called root in the UNIX world. This account is the only one which can do anything in the system. Therefore if you gain access to this account you have all the rights and power on that machine. Now imagine you are surfing the web using your Firefox, Chrome, Safari, Edge or whatever you use for that. You go into a malicious website or one you know very well but has been attacked and has now become malicious. Some code from that website can infect yours through the web browser. If you happen to be running the Administrator (read root in the UNIX world) you are screwed. The infection may come through another method such as a virus in an USB stick someone lend you with a music file or anything you share. Since you are running your computer with the highest privileged user the virus will have plenty of room and privilege to scale up to the top and mess around with your machine. Some may install a keylogger so when you type your bank credentials they are recorded, stored and later send to the attacker. Some will just want to see through your webcam and you know… see you.
In the server realm running programs, utilities, etc as root all the time is bad and considered an insecure methodology. Sudo allows a less privileged user to act momentarily as if it were root. Mac OS X already blocks the root account so to perform any administrative task you will be prompted to put your password. Ubuntu Linux also does this by default.
Now we will install the sudo program in our FreeBSD server. As root type:
pkg install sudo
After installing it you have to configure it. To do so you have to type visudo at the terminal. A file will pop up. This is the configuration file for sudo. If you press the arrow down to see the rest of the file content you will arrive to a place where the following can be read. As you can see the root account can do everything. See the “alls”?.
## User privilege specification
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
For you being able to perform tasks as superuser and invoke the sudo command you have to edit this file. Just remove the # before %wheell ALL=(ALL) ALL, close the file by pressing :wq and log out and then log in. You can now become root by typing su or type sudo to have momentary root powers for certain tasks at specific times.