Setting Up Sudo

Sudo is more than just a way to get a sandwich. It allows users to temporarily escalate their rights, instead of, say, always running as root.

When first setting up an Arch Linux system, it’s important to set up sudo. Sudo is not in the base group of packages, so it’s up to you to manually install it.

I think the cleanest way to enable sudo for your user is to add your user to the wheel group, and then enable sudo for that group.

Adding your user to the wheel group

The following command adds a new user named archie, specifies bash as their login shell, and adds the user to the wheel group.

$ useradd -m -G wheel -s /bin/bash archie

Installing sudo

Perform the following as root.

$ pacman -S sudo

Editing the /etc/sudoers file

Sudo uses the /etc/sudoers file for its configuration. Like any configuration file, you can just edit it directly. But, a mistake in this particular file can cause you to lose important rights to your machine. So a helper utility is offered, visudo. Visudo will gracefully fail (and not change the configuration) if you’ve made a mistake.

As root, run:

$ visudo

Allowing sudo for wheel group

You can enable sudo for the wheel group by uncommenting this line:

%wheel ALL=(ALL) ALL

One of the next lines offers the option to allow sudo without a password, but I avoid his option. I like to think that if someone managed to break into my machine as a wheel user, they’d still have to know the user password before escalating their privileges. So I leave this option commented out.

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

vim consideration

Later on, if you decide to switch from the vi editor to vim (or maybe your distro only comes with vim), you may run into a little issue.

$ sudo visudo
$ visudo: no editor found (editor path = /usr/bin/vi)

This is because vim replaces vi.

To fix temporarily, try this:

sudo EDITOR=nano visudo

To fix for the session, try this:

$ export EDITOR=/usr/bin/vim
$ visudo

You can temporarily override the setting by adding the following line in the Defaults specification section:

# Defaults specification
$ sudo EDITOR=vim visudo

Then the first thing you should do is uncomment or add this line:

# Defaults specification
Defaults editor=/usr/bin/vim

After that, sudo visudo should work.

All the above applies for other editors (eg. nano) as well.

References

• “Users and groups - ArchWiki”, “Arch Linux”
• “visudo does not respect VISUAL or EDITOR / Applications & Desktop Environments / Arch Linux Forums”, “Arch Linux”