[2025-jun-17] The SlackDocs mailing lists at https://lists.alienbase.nl/mailman/listinfo have been retired. No one has been using these lists for years and it's time to say goodbye. The list archives remain available at https://scalzi.slackware.nl/mailman/listinfo/slackdocs

[2025-jun-17] The SlackDocs Wiki has moved to a new server, in order to make it more performant.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- howtos:misc:enabling_sudo_on_slackware [2020/01/02 18:19 (UTC)] – slackjeff
+++ howtos:misc:enabling_sudo_on_slackware [2026/04/26 20:24 (UTC)] (current) – [Sources] r1w1s1
@@ Line 1: / Line 1: @@
 ====== Enabling Sudo on Slackware ======
-Sudo, substitute user of (Super User) or Super user of (acting as super user) has a big role on UNIX Likes systems, sudo allows ordinary users to temporarily get privileges from another user, widely used for the privileges of the superuser root.
+<note>
+**tl;dr** — Slackware ships with sudo installed but disabled. Enable it by uncommenting the **wheel** line in ''/etc/sudoers'' (using ''visudo'') and adding your user to the wheel group with ''usermod -aG wheel''.
+</note>
-There are many advantages and disadvantages of using sudo over su, for example sometimes we just need to perform a task quickly, such as updating the system with a single command, such as 'slackpkg update && slackpkg upgrade-all' or simply opening a file that has write and read permission only for root, for example.
+===== Overview =====
-But every superhero pays his price, as sudo allows the user to have super powers temporarily, so anyone who knows the password of your average user can have these super privileges.
+Slackware does not enable sudo by default. Administrative access is traditionally handled using ''su'' and the root account, which fits Slackware's conservative philosophy of leaving such decisions to the administrator.
-This is why it is extremely important that you have a secure password for root as well as your regular user, so you can use sudo with peace of mind.
+This document describes how to enable sudo in a clean and explicit way by using the existing **wheel** group and granting it administrative privileges via ''/etc/sudoers''.
-Unlike other distributions Slackware comes by default with sudo disabled, and we will learn how to enable it.
+This approach follows common Unix practices while preserving Slackware's emphasis on transparency and explicit configuration.
-The first step is to create a group called "sudo", for this simple task we can do it in two ways. The first is by manually creating a group, and the second is by using the 'groupadd GROUPName' command.
-Let's use manual mode for better learning and notion.
+===== Design goals =====
-The first step is to log in as root, for that use the su command, and right after we will open a groups configuration file located in / etc / group, open it with your favorite editor:
+  * keep privilege escalation explicit
+  * avoid modifying default Slackware behavior unnecessarily
+  * use group-based access control
+  * ensure configuration remains auditable
+  * prevent accidental lockouts
-<code>
-$ su
-# nano /etc/group
-</code>
-Let's navigate to the last line of the 'group' file and add a special line to sudo, my penultimate line contains the privoxy group, your file is sure to be different:
+===== Assumptions =====
-<code>
+  * Slackware is running on the system
-privoxy:x:206:
+  * sudo is installed (it is, by default)
-</code>
+  * the **wheel** group already exists in ''/etc/group'' (it does, by default)
+  * the user has root access via ''su''
+  * the system administrator understands the risks of sudo access
+===== Configuring sudoers =====
-In this same format we will create the sudo group, the format should be as follows:
+Always edit ''/etc/sudoers'' with **visudo**. It validates syntax before saving — a broken sudoers file can lock you out of administrative access.
 <code>
-groupname:x:ID:USERNAME
+# visudo
 </code>
-To check your user ID run the 'id -u' command, remember to be sudo enabled with the user.
+If you prefer a different editor, set the ''EDITOR'' variable:
 <code>
-$ id -u
+# EDITOR=vi visudo
 </code>
-We then add in the last line of the group file:
+Slackware's default ''/etc/sudoers'' already contains a commented line for the wheel group:
 <code>
-sudo:x:1000:Username
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
 </code>
-Example:
+Remove the ''#'' to uncomment it:
 <code>
-nobody:x:98:nobody
+## Uncomment to allow members of group wheel to execute any command
-nogroup:x:99:
+%wheel ALL=(ALL) ALL
-users:x:100:
-console:x:101:
-tor:x:220:
-privoxy:x:206:
-sudo:x:1000:slackjeff
 </code>
-After this process, save and close.
+Save and exit. ''visudo'' will reject the file if there is a syntax error.
-Now we will need to edit the 'sudoers' file, so open with your favorite editor the file / etc / sudoers.
+===== Adding a user to wheel =====
+As root, add your regular user to the wheel group:
 <code>
-# nano /etc/sudoers
+# usermod -aG wheel username
 </code>
+Replace ''username'' with your actual login name. The ''-aG'' option appends to existing group memberships rather than replacing them.
-Open the file, find the line ''#%sudo ALL=(ALL)ALL'', this line is commented out with the trailing '#' in front of% sudo, we need to **uncomment**, remove ''#'' in front of% sudo to have effect ... if you are using the nano editor, you can use the keys simultaneously CTRL + W, will open a search field in the lower left corner, just enter ''%sudo ALL=(ALL)ALL'' for the location to be made.
-Commented sudo line:
+===== Applying the change =====
+Group changes take effect on the next login. Log out and log back in, then verify:
 <code>
-## Uncomment to allow members of group sudo to execute any command
+$ sudo whoami
-# %sudo ALL=(ALL) ALL
+root
+$ sudo slackpkg update
 </code>
-Uncommented sudo line:
+If the output of ''sudo whoami'' is ''root'', sudo is working correctly. The second command runs ''slackpkg update'' with root privileges — a typical administrative task on Slackware.
+<note>
+A reboot is **not** required. Logging out and back in is enough to refresh group membership.
+</note>
+===== Passwordless sudo (optional) =====
+For a system where you want sudo without a password prompt, use this line in ''/etc/sudoers'' instead of the standard wheel line:
 <code>
-## Uncomment to allow members of group sudo to execute any command
+%wheel ALL=(ALL) NOPASSWD: ALL
-%sudo ALL=(ALL) ALL
 </code>
-Uncommented the line of sudo, save and close, to put the icing on the cake we need to make a last setting that is very important. We know that regular users have UID 1000, and some commands are special for the super user that contains UID 0, when we run a command the system looks in the $ PATH environment variable for the location of the command we ask.
+This reduces friction but increases risk: anyone with access to your user account gains root privileges instantly. Use only on trusted single-user systems.
-There are directories like the example '/ sbin' which is accessible only with users of UID 0, an example is root itself. What happens if we try to execute a command like slackpkg for example that is inside directory? It will fail.
-So we need to add two new lines to our PATH.
+===== Notes and considerations =====
-For this still as root user let's open the file 'profile' which is located in '/ etc / profile' and find the line:
+  * Slackware does not require sudo. The ''su'' command remains fully supported and is sometimes preferable.
+  * Always test sudo from a separate terminal before closing your root session, in case something is misconfigured.
+  * Limit wheel membership to trusted users only.
+  * Syntax errors in sudoers can lock out administrative access — always use ''visudo''.
-<code>
-# Set the default system $PATH:
-PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
-</code>
-Note that there is an established pattern, directories have their field separated by ':'. At the end of '/usr/games' we add ':' and we add '/sbin' and after that we add ':' again and '/usr/sbin'. Save and close.
+===== Conclusion =====
-<code>
+Enabling sudo on Slackware is a deliberate administrative choice, not a default requirement.
-# Set the default system $PATH:
-PATH="/usr/local/bin:/usr/bin:/bin:/usr/games:/sbin:/usr/sbin"
-</code>
-<note>
+Using the wheel group and explicit sudoers configuration balances convenience and security while preserving Slackware's emphasis on transparency and control.
-Please note that your regular user (UID 1000) can now execute the maintenance commands that are found in /sbin and /usr/sbin, whereas before these commands in these directories were not even 'shown' to a regular user (UID). 1000). But even now seeing these commands we will need the super user to continue.
-</note>
-Simply put, it is the same as giving a read permission to a file, for a given user it can read but cannot write or execute, for example.
-Reboot your system with the shutdown command with parameters -r now, or simply exit your user and return so that you can execute the exit command or simultaneously press the **CTRL + D** keys.
+===== References =====
-Run tests by adding sudo in front of the desired command (s).
+  * ''sudoers(5)'' manual page
-Also test by updating your list and checksuns with slackpkg.
+  * ''visudo(8)'' manual page
+  * ''usermod(8)'' manual page
-<code>
-$ sudo ls /root/
+{{tag>slackware sudo security wheel}}
-$ sudo slackpkg update
-</code>
 ====== Sources ======
-   * Originally written by [[wiki:user:slackjeff | Slackjeff]]
+   * Originally written by [[wiki:user:r1w1s1 | r1w1s1]]
 <!-- Please do not modify anything below, except adding new tags.-->
 <!-- You must remove the tag-word "template" below before saving your new page -->
-{{tag>howtos misc sudo_on_slackware enabling author_slackjeff}}
+{{tag>howtos misc sudo_on_slackware enabling author r1w1s1}}

Trace:

Differences

Search

Navigation

Print/export

Tools

QR Code

SlackDocs

Slackware Links