First To Do After FreeBSD OS Installation

First To Do After FreeBSD OS Installation

By |

Last Updated on 2025-01-29 15:49 by Sture

Reboot the system after installation of FreeBSD base OS with:

root@:~ # reboot [enter]
Connection to 192.168.1.250 closed by remote host.
Connection to 192.168.1.250 closed.

N.B.: Remove the FreeBSD Installation USB Stick before the system restarts!
In this example, login is performed remotely via the Terminal application from an Apple Mac Mini to a system with the local LAN IP Address 192.168.1.50 as user user.

user@Mac-mini ~ % ssh user@192.168.1.50 [enter]
The authenticity of host '192.168.1.50 (192.168.1.50)' can't be established.
ED25519 key fingerprint is SHA256:uU1ln2+R7xOW1IaKvIsrsBU+t0KFbop75RS5BcBQ0B0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.50' (ED25519) to the list of known hosts.
(user@192.168.1.50) Password for user@freebsdsrv:
FreeBSD 14.2-RELEASE (GENERIC) releng/14.2-n269506-c8918d6c7412

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).
ZFS keeps a history of commands run against a specific pool using the
history subcommand to zpool:

zpool history

More details are available using the -i and -l parameters. Note that ZFS
will not keep the complete pool history forever and will remove older
events in favor of newer ones.
		-- Benedict Reuschling <bcr@FreeBSD.org>
user@freebsdsrv:~ $

SUDO – Execute Command As The Superuser

Description:

The best practice is to never log in as the root superuser interactively. If you do – you are doing it wrong!

sudo is a program that allows a permitted user to execute a command as the superuser or another user, as specified by the user’s security policy. Unlike the su utility, sudo authenticates the user against the user’s own password rather than that of the target user. Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. This allows the delegation of specific commands to specific users on specific systems without sharing passwords among the users.

Prerequisites

To follow along, make sure you have,

  • Root access to your FreeBSD server
  • The password of the root user
Installation

Installation and configuration of sudo require superuser privileges. This sudo installation will be the only and last interactive login as the root superuser you will ever need to perform on this system.

Substitute the user identity with the root superuser identity with:

user@freebsdsrv:~ $ su - [enter]
Password: <-- RootPassWord [enter]
root@freebsdsrv:~ #

Install sudo with:

root@freebsdsrv:~ # pkg install -y security/sudo [enter]
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	gettext-runtime: 0.23
	indexinfo: 0.3.1
	sudo: 1.9.16p2

Number of packages to be installed: 3

The process will require 9 MiB more space.
2 MiB to be downloaded.
[1/3] Fetching indexinfo-0.3.1.pkg: 100%    6 KiB   5.9kB/s    00:01    
[2/3] Fetching sudo-1.9.16p2.pkg: 100%    2 MiB   1.9MB/s    00:01    
[3/3] Fetching gettext-runtime-0.23.pkg: 100%  235 KiB 241.2kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/3] Installing indexinfo-0.3.1...
[1/3] Extracting indexinfo-0.3.1: 100%
[2/3] Installing gettext-runtime-0.23...
[2/3] Extracting gettext-runtime-0.23: 100%
[3/3] Installing sudo-1.9.16p2...
[3/3] Extracting sudo-1.9.16p2: 100%
root@freebsdsrv:~ #

Configuration

A default sudo configuration file /usr/local/etc/sudoers was created as part of the installation process.

N.B.: /usr/local/etc/sudoers MUST be edited with the visudo command as root.

The use of visudo minimizes the risk of syntax or file permission errors that prevent sudo from running.

Start editing file /usr/local/etc/sudoers with:

root@freebsdsrv:~ # visudo [enter]
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
...

visudo use the famous vi editor commands. The following commands are needed for updating and saving or exiting without saving file /usr/local/etc/sudoers:

  1. Use the arrow keys to move the cursor or…
  2. Move the cursor up one line with key ‘K’, down one line with key ‘J’, left one character with key ‘H’ and right one character with key ‘L’
  3. Press key ‘I’ to start inserting charters before the current cursor location
  4. Press key ‘A’ to start inserting charters after the current cursor location
  5. Press key ‘esc’ to abort inserting charters
  6. Press key ‘X’ to delete the character under the cursor
  7. Press key ‘:’, then ‘W’ and ‘Q’ to save and exit
  8. Press key ‘:’, then ‘Q’ and ‘!’ to exit without saving

To delegate privileges to the example user user locate section User privilege specification in the file /usr/local/etc/sudoers.

Update settings as indicated in this example to allow members of the wheel group to substitute user identity without entering their password:

...
##
## User privilege specification
##
root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
%wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) NOPASSWD: ALL
...

Save and exit visudo by pressing [ esc ], [ : ] and the [ W ] and finally [ Q ]
Exit as root with:

root@freebsdsrv:~ # exit [enter]
user@freebsdsrv:~ $

N.B.: User user in this example is configured to be a member of group wheel!
Display privileges for the current user with:

user@freebsdsrv:~ $ sudo -l [enter]
Matching Defaults entries for user on freebsdsrv:
   
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

Runas and Command-specific defaults for user:
    Defaults!/usr/local/sbin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"

User user may run the following commands on freebsdsrv:
    (ALL : ALL) NOPASSWD: ALL
user@freebsdsrv:~ $
Comments are closed.