SOLVED Sudo - User setup?

[Raksasas]

How do I setup a user for sudo?

In Debian, I install sudo from the repositories and add the user to the sudo group... DONE.

Before I begin. I am going to admit that I have ignored the FreeNAS jail documents stating that if I want the new user to have superuser privileges put them in the wheel group. I did this because I am thinking... I don't want the user to be a superuser and if i needed to execute a commend with elevated rights I would use "sudo". (example: sudo pkg update)

So what I have done so far:
Created the jail
Access jail
Ran updates - pkg update, pkg update
Enabled ssh

• made backup of the rc.conf file
• Edited the rc.conf file
• Code:

  sshd_enable=“YES”

• started ssh
• service sshd start

Created a user without the "wheel" group
adduser

SSH into the new jail with the new user = Good

Then I tried to sudo and it looked like it was not installed. So I installed "sudo" with pkg install sudo. I tried to add the user to the "sudo" group pw group mod sudo -m the-username but it looks like there is no group called "sudo". I then opted for editing the sudoers file.

I added the following to the bottom file after opening it with visudo:

Code:

raksasas	ALL=(ALL) NOPASSWD: ALL
Defaults: user timestamp_timeout=-1

This appears to have worked but I did not like how it does not prompt for the user's password.

I tried

Code:

test1	ALL=(ALL) PASSWD: ALL

Code:

test1	ALL=(ALL)  ALL

and a few other things that I can't remember.

I got the following message after the password prompt ever time:
/usr/local/bin/sudo: Undefined symbol "memset_s"

If I change it back to the "NOPASSWD: ALL" it again appears to work but without a password prompt

So what is what I done trying to get "sudo" to work while avoiding putting the user account in the "wheel" group.

Thanks.

 

[dlavigne]

On FreeBSD based systems (such as FreeNAS), su is different than sudo. su is built-in and requires the user to be in the wheel group. They can then su to any user account (root is assumed if not specified), as long as they know that user's password. sudo needs to be installed (which you did) and then configured using the visudo command.

 

[Jurgen Segaert]

I got the following message after the password prompt ever time:
/usr/local/bin/sudo: Undefined symbol "memset_s"

Are doing this in a warden-based jail in FreeNAS 11.1? If so, your base system is on 11.0 and packages are on 11.1 and that is causing various quirks.
Please refer to this thread: https://forums.freebsd.org/threads/63561/
You may want to try setting up an iocage-based jail instead.

 

[Raksasas]

Are doing this in a warden-based jail in FreeNAS 11.1? If so, your base system is on 11.0 and packages are on 11.1 and that is causing various quirks.
Please refer to this thread: https://forums.freebsd.org/threads/63561/
You may want to try setting up an iocage-based jail instead.

I did run across that link but was not sure what to do regarding it or if it was related. I even ran the which sudo and got this output /usr/local/bin/sudo.

I created the jail by going into the web front end. Jails -> Add button. It did a download and started the jail. I do not remember the name of the template file it used.

I will look into this iocage-based jail but I am a little confused the FreeNAS documents say, "Creating a jail automatically starts the iocage configuration process for the FreeNAS®system." So doing the gui add jail method doesn't do this, I take it?

 

[danb35]

I created the jail by going into the web front end.

Which web GUI, old or new? If you used the old GUI, you have a warden jail; if the new, you have an iocage jail. Any new jails should probably be iocage, since support for warden is going away.

 

[Jurgen Segaert]

I am a little confused the FreeNAS documents say, "Creating a jail automatically starts the iocage configuration process for the FreeNAS®system." So doing the gui add jail method doesn't do this, I take it?

What this means is that you do not need to configure anything, or turn any service on, but you can just start creating a jail, and FreeNAS will do whatever is needed (e.g. creating the underlying dataset etc...).

As dan35 said, you can use the new/beta UI to display and create iocage jails.
The other option is creating them from the command line; that is documented in the manual: http://doc.freenas.org/11/jails.html#using-iocage

If you have more than one pool in your system, you can run iocage activate <poolname> before creating your first jail, otherwise the auto-configuration may pick the wrong one. ;)

 

[Raksasas]

So.. This topic is going to be put on hold for now. I don't want to take this off-topic.

I now have to read up on the iocage jail. I got into the Beta gui and attempted to create a jail in it but I can't reach it via ping... I have some things I need to do to day so I can't spend today sitting here.

 

[Raksasas]

Update. I got a dhcp iocage jail created. I had issues creating a jail with an ip on em0 but it looks like I am not the only one. Anyway, once the jail was created I:

• Accessed it with jexec
• Updated it pkg update/upgrade
• Enabled ssh
• Created a user. I didn't add any additional groups
• Installed sudo
• Added "user1 ALL=(ALL) ALL" to the bottom of the sudoer file
• SSHed into the jail with the user that I created
• Preformed some sudo commands
• All looks good... :)

Thank you for the help.