If you've gone at least some way to trying to make your server secure, you wont be running as root so you wont have access to many of the administration commands you'll need. It's easily resolved by adding yourself to the sudoers file, here's a quick guide on how to do it.
Unless you've already got an account with sudo access, you're going to need to log in as root one last time to set one up. So do the following:
And enter in the password for root when prompted. Next we'll edit the sudoers file using visudo:
This will open up the file in a vi session for editing. If you've not got crazy vi chops don't worry, were don't need to do anything complicated. Just page down to the bottom of the document and enter the following:
your_username_here ALL=(ALL) ALL
Hit esc then type:
and press ENTER. The file will be saved, and you've just granted yourself access to run everything as the root user. Now type:
to log out as root and back in as yourself. Now if we want to edit the sudoers file we can do the following:
this time when you are prompted for a password, you only need to enter your own one. And tada, the sudoers file is open again. Now let's give some more users access, but we won't be quite so generous with what they can do.
What about on a production machine where you've got a user that is a little bit trusted, but shouldn't be given total access to the system? It quite easy to setup some walled access to the commands you need to open up. In the example below, we will grant access to god for the user deploy so that we can start and stop our services through capistrano.
deploy ALL= /usr/bin/god
How about running a command as another user, without changing to that user? Simple:
sudo -u otheruser /usr/bin/command
Or running a command and pushing it to the background:
sudo -b /usr/bin/command
Or just finding out what commands you are allowed to run:
The sudoers file offers quite a lot of control over exactly what someone can run, as well as who they can run it as, and from where. Let's just quickly run through a few of the other options you've got in the sudoers file:
The following snippet allows the user bob to run all commands from anywhere, but only as alice or anne:
RunAs_Alias HELPDESK = alice, anne bob ALL=(HELPDESK) ALL
This config allows bob to run any command as any user, but only from the defined subnet:
Host_Alias MYNET = 10.1.2.0/255.255.255.0 bob MYNET=(ALL) ALL