I‘m setting up a new FreeBSD server. I do not want to use a default root user who has full system access. How can I setup and grant sudo privileges to users on a FreeBSD VPS or server? How do I create a sudo user on FreeBSD 11.x/12.x/13.x?

How To Add, Delete, and Grant Sudo Privileges to Users on a FreeBSD Server
The root account has full system level access and usually reserved for admin tasks only. The sudo command allows a very small delegation of power to users other than the root user. This is good tool if you have many users, logging everything the users do with privileges, and you are granting certain privileges. Unless the user is specified, sudo will escalate the privilege to root. In this quick tutorial I will show you:

  1. How to create a new user on a FreeBSD server.
  2. How too add users access to the sudo command.
  3. How to delete users from the sudo command.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements FreeBSD
Est. reading time 10m

Install sudo app on a FreeBSD server/vps

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. You can install sudo using port, type:
# cd /usr/ports/security/sudo/ && make install clean
Or as a binary package, enter:
# pkg install security/sudo
See how to install sudo on FreeBSD for more info.

Adding a new user on FreeBSD

The recommended command-line application for adding new users is called adduser. Just type the following command and it will walks through the steps for creating a new user account on a FreeBSD VPS or server:
# adduser
To give existing user sysadmin privileges, add the user to the wheel group. The wheel group limits who can use sudo to become root. Hence, the syntax is as follows to grant ‘wendy’ full access to manage the FreeBSD server:
# pw group mod wheel -m wendy
Verify with the id command:
# id wendy
Here is how it looks:

uid=1001(wendy) gid=1001(wendy) groups=1001(wendy),0(wheel)

Grant users administrative privileges on FreeBSD

The configuration file is located in /etc/sudoers or /usr/local/etc/sudoers and is read-only by default. visudo command can be used to easily modify the sudoers configuration file.

To add a username to sudoers

$ su -
# visudo

Append the following line and exit from a text editor:

      alice All=(ALL) ALL

This will allow the user alice to issue sudo command and be root. It will first ask for her password. To skip asking for password when sudo command is issued, change the line to:


If you want alice to only have sudo privileges on one server in a network and restrict her to /bin/ls command as user, you would add the following:

    alice server1=(bob) /bin/ls  /home/bob

Every usage of sudo gets logged in /var/log/messages file. A sudo user can escalate to root by using the sudo command:

    [alice@hostname~]$ sudo su -


    [alice@hostname~]$ sudo -s

To execute a command as root:

    [alice@hostname ~]$ sudo whoami

Want to execute a command as another user? Try:

    [alice@hostname ~]$ sudo -u bob ls /home/bob

Remove a username from sudoers

To remove the privileges, take the user off the sudoers configuration file i.e. delete following line from config file by running visudo command:



      alice All=(ALL) ALL

To completely remove a user (say alice) from the system, run rmuser as the superuser:
# rmuser alice

Summing up

You learned how to create a sudo user on FreeBSD Unix desktop or server. For more usage patterns, see the man pages: visudo(8)

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum