I've been advised by AWS documentation not to access the server as root but create a new user, and do so without a password using this flag:
--disabled-password
I now need to run a sudo command to install nginx.
How can I run a sudo command? It keeps asking for a password, for which none is set. Every time I need to use a sudo command, do I need to log in as the root user?
If I allow the new user account to have sudo access - does this not remove the entire point of having a separate account from the root for security reasons?
The file /etc/sudoers lists all users with root access. You probably have a line like this either in the file itself or in any file in the /etc/sudoers.d directory:

Instead of ALL, there might be some restrictions, for example the last ALL replaced with a /usr/bin/apt-get or similar so that you can only execute this command via sudo. The file itself is well documented.

To make the user execute sudo commands without having a password, simply add a NOPASSWD to the line:

And yes, this is safer than just accessing the root user via ssh. Generally, never log in as root and never log in with a password via ssh but use public-key authentication. For more info, have a look at this answer: Why is root login via SSH so bad that everyone advises to disable it?

AWS gives sudo access to the default user irrespective of any Linux distro you use. For example, an Ubuntu instance will have the default user ubuntu, the Amazon Linux distro will have the default user ec2-user, and CentOS/Red Hat will have the default user root/ec2_user.
All you need is the right command to use for installation. Below are the commands for installation as default user.
sudo apt-get install nginx
sudo yum install -y nginx
sudo yum install -y nginx
You can add a new user using the useradd command. It's pretty simple; however, you'd need to generate an RSA keypair for that user and add it to the .ssh/authorized_keys file in the user's home directory on the remote host.

For sudo privileges you need to add your user to the /etc/sudoers file. The entry should look like below.

username ALL=(ALL) ALL

But to edit the /etc/sudoers file you need to be either the default user or the root user. Here is what you should do. Log in as the default user and edit the file using the following command:

sudo nano /etc/sudoers
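
An added example, not part of either answer above: a small Python audit of sudoers user lines that tells apart the cases the answers describe (ALL versus a single command such as /usr/bin/apt-get, with or without NOPASSWD). The sample text, account names and category labels are constructed for illustration, and the parser assumes one rule per line with no aliases or line continuations.

```python
import re

# Constructed sample; the account names are made up for this example.
SAMPLE = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
deploy   ALL=(ALL) NOPASSWD: ALL
webadmin ALL=(root) NOPASSWD: /usr/bin/apt-get
alice    ALL=(ALL) ALL
mixed    ALL=(ALL) NOPASSWD: /usr/bin/apt-get, PASSWD: ALL
"""

# who  hosts = (runas) commands   -- the runas group is optional
SPEC = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"([A-Z_]+):\s*")  # e.g. "NOPASSWD: "
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
# Labels invented for this example, ordered from least to most permissive.
LEVELS = ["restricted", "restricted-nopasswd", "full-root", "full-root-nopasswd"]

def classify(line):
    """Return (who, level) for a user rule, or None for any other line."""
    line = line.split("#", 1)[0].strip()  # drop comments
    m = SPEC.match(line)
    if not m or m[1].startswith(SKIP):
        return None
    nopasswd, worst = False, 0
    for cmd in m[2].split(","):
        cmd = cmd.strip()
        # A tag stays in effect for the following commands until it is reversed.
        while (t := TAG.match(cmd)):
            if t[1] in ("NOPASSWD", "PASSWD"):
                nopasswd = t[1] == "NOPASSWD"
            cmd = cmd[t.end():]
        level = (2 if cmd == "ALL" else 0) + (1 if nopasswd else 0)
        worst = max(worst, level)
    return m[1], LEVELS[worst]

def audit(text):
    """Classify every user rule found in a block of sudoers text."""
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for who, level in audit(SAMPLE):
        print(f"{who:10} {level}")
```

To check a real host, pass the contents of /etc/sudoers and of each file under /etc/sudoers.d to audit(); reading them requires root.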