---
categories: ['OpenWRT','System']
date: 2020-02-24T19:41:07+01:00
description: "How to create a non-privileged user that uses sudo temporarily and correctly!"
draft: false
tags: ["OpenWRT","sudo","sysadmin"]
title: "OpenWRT: sudo"
translationKey: "openwrt-sudo"
---
## Description
By default, **OpenWRT** has only one user: the **root** administrator.
We will create a new, unprivileged user who administers the system
properly through the `sudo` tool.
## Installation
As **root**, run the following commands:
`# opkg update`
`# opkg install shadow-useradd sudo`
{{< note tip >}}
You can also install the `shadow-usermod` package, which is intended for
modifying the user account.
{{< /note >}}
## Configuration
### user configuration
Now, configure the user account:
* `# useradd ego`: `ego` is the account name - *choose whatever name suits you…*
* `# passwd ego`: define the password.
* `# mkdir -p /home/ego/.ssh`: create the home directory and its `.ssh` folder.
* `# touch /home/ego/.ssh/authorized_keys`: create an empty file *(to hold your
SSH public keys)*.
* `# chown -R ego:ego /home/ego`: give the user ownership of their home.
* `# chmod 0700 /home/ego`: restrict access to this user only.
### sudo configuration
I will only cover the most secure method of configuring sudo.
This method lets you simply use the administrator's password without
having to log in with the administrator account.
Any command that needs administrator rights must be preceded by `sudo`.
Edit the `/etc/sudoers` file with the `visudo` command:
`# visudo`
Go to the bottom of the file and uncomment both of the following lines by
removing the leading `#` symbol:
`# Defaults targetpw # Ask for the password of the target user`
`# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'`
{{< note tip >}}
To save the file after the modification, type: `:wq!`
{{< /note >}}
After saving and quitting, your user can run any administration command through `sudo`.
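
One way to confirm that the two lines were uncommented together, as an added example that is not part of the original page. The function name `check_targetpw`, its return codes and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a sudoers file for the
# "targetpw" pairing. Return codes are this example's own convention:
#   0 = both lines active, 1 = rule not enabled,
#   2 = rule active WITHOUT targetpw, 3 = file unreadable.

# Active (uncommented) "Defaults ... targetpw"; "!targetpw" does not match.
TPW_RE='^[[:space:]]*Defaults[[:space:]]+([^#]*,[[:space:]]*)?targetpw([[:space:],#]|$)'
# Active (uncommented) "ALL ALL=(ALL) ALL" or "ALL ALL=(ALL:ALL) ALL".
RULE_RE='^[[:space:]]*ALL[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]*ALL([[:space:]#]|$)'

check_targetpw() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    has_tpw=no
    has_rule=no
    grep -Eq "$TPW_RE" "$file" && has_tpw=yes
    grep -Eq "$RULE_RE" "$file" && has_rule=yes
    case "$has_tpw:$has_rule" in
        yes:yes) echo "OK: sudo asks for the target user's password"; return 0 ;;
        no:yes)  echo "UNSAFE: any user with a password gets root with it"; return 2 ;;
        *)       echo "NOT ENABLED: 'ALL ALL=(ALL) ALL' is still commented out"; return 1 ;;
    esac
}

# Constructed sample (not a real system file): only the second line was uncommented.
sample=$(mktemp)
printf '%s\n' '# Defaults targetpw' 'ALL ALL=(ALL) ALL' > "$sample"
check_targetpw "$sample" || true   # reports UNSAFE
rm -f "$sample"
```

On the router, run `check_targetpw /etc/sudoers` as root; files under `/etc/sudoers.d` need to be checked separately.
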
### SSH configuration
Now is a good time to add your SSH public key to the `/home/ego/.ssh/authorized_keys` file.
{{< note warning >}}Be sure to copy only your public key, the file with the `.pub` extension!{{< /note >}}
### sysupgrade configuration
Remember to edit the file `/etc/sysupgrade.conf` to add:
* your home folder,
* and `/etc/sudoers.d` *(only if you add configuration to this folder)*

Then check the result with the command `sysupgrade -l`.
That way, your personal data will be preserved during a
{{< inside "sys:openwrt:sysupgrade" "future upgrade" >}}.
---
## Documentation
* https://openwrt.org/docs/guide-user/security/secure.access#create_a_non-privileged_user_in_openwrt
----