Install sudo in Alpine Linux

Last updated: October 8, 2024

Reviewed by: Michael Krimgen
Baeldung Pro – Linux – NPI EA (cat = Baeldung on Linux)
announcement - icon

Learn through the super-clean Baeldung Pro experience:

>> Membership and Baeldung Pro.

No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.

1. Overview

Alpine Linux stands out as a lightweight and secure distribution, making it highly suitable for containerized environments because of its simplicity and small size. However, it’s equally ideal for minimalistic systems or environments that require heightened security. By default, it doesn’t include the sudo utility, an essential tool for granting administrative privileges to specific users, allowing secure system management.

In this tutorial, we’ll explore the steps necessary to install and configure sudo on Alpine Linux, ensuring users can manage their systems effectively and securely.

2. Understanding sudo and Alpine Linux

Before diving into the installation process, it’s important to understand why sudo is essential in a Linux environment and how Alpine differs from other distributions:

  • sudo is a tool that allows non-root users to execute commands with elevated privileges. It offers a more secure solution than working directly as the root user since it can limit actions while logging executed commands.
  • Alpine follows a minimalistic design, incorporating only essential packages and the core system. As a result, Alpine is exceptionally fast and resource-efficient. However, this approach also excludes many common tools, such as sudo, by default.

Users manage most additional configurations and installations in Alpine using apk, Alpine’s package manager. Now, let’s see how to use this tool to install sudo.

3. sudo Package Repositories in Alpine Linux

Alpine Linux defines its package repository locations in the /etc/apk/repositories file, from where apk, the package manager, fetches software for installation. This file also controls system updates and the versions of available packages. It’s crucial for any package management tasks in Alpine Linux.

Here’s an example of what a typical /etc/apk/repositories file might look like:

#/media/cdrom/apks
https://dl-cdn.alpinelinux.org/alpine/v3.19/main
https://dl-cdn.alpinelinux.org/alpine/v3.19/community

In this example, the file contains two repositories:

  • the main repository serves as the primary source for packages directly supported by the Alpine team
  • the community repository contains user-contributed packages that Alpine approves

To install certain packages, such as sudo, it’s essential to verify the presence of the community repository, which includes the sudo package.

If we use a different version of Alpine, we can replace v3.19 with the corresponding version. To check the current version, we can run the following command:

$ cat /etc/alpine-release

This command displays the current version of Alpine Linux installed on the system.

4. Installing sudo

As with any Linux distribution, it’s always good practice to start by updating the list of available packages to ensure we have the latest versions. Here’s how to proceed on Alpine:

$ apk update

This command will update the package index and ensure that the system is ready for new installations.

After we enable the community repository and complete the package database update, we proceed to install sudo on the system:

$ apk add sudo

This command installs sudo along with any required dependencies. After completing the installation, we can verify that sudo has been successfully installed by running the following command:

$ sudo --version

This command displays the installed version of sudo, confirming that the installation was successful.

5. Creating and Configuring a Non-Root User

For security reasons, sudo helps avoid direct use of the root account, reducing the risk of accidental or malicious changes. Therefore, creating a non-root user with limited privileges, while granting them access to sudo, ensures secure administrative tasks while maintaining system integrity.

5.1. Creating a Non-Root User

To create a new user, we can either use the built-in busybox utility adduser, or the utility available in the shadow package named useradd:

$ adduser baeldung

This command will prompt for some basic information like the user’s password and other optional details.

5.2. Adding the User to the sudoers Group

Once the user is created, we proceed to grant them sudo permissions. This essential step allows the user to execute commands with elevated privileges, enhancing their ability to manage the system effectively. This is done by modifying the /etc/sudoers file, which controls which users can use sudo and what commands they can execute.

To edit this file, it’s best to use the visudo command to avoid syntax errors. We can modify the file as follows:

$ visudo

Then we add the following line to give the user sudo privileges:

baeldung ALL=(ALL) ALL

This grants the user permission to execute any command with elevated privileges.

6. Securing sudo

To enhance the security of the system, we can implement additional measures that help prevent the misuse of sudo. By doing so, we not only protect sensitive commands but also ensure that unauthorized users cannot gain elevated privileges easily.

6.1. Configuring a Timeout for sudo Privileges

By default, once we enter the password for sudo, we don’t have to re-enter it for several minutes. However, we can enhance security by easily adjusting this timeout period. Specifically, we modify the sudoers configuration using the visudo command; for instance, by adding the following line, we specify the desired duration:

Defaults timestamp_timeout=3

This configuration allows users to use sudo without re-entering the password for three minutes. By setting this value to 0, we ensure that the system prompts for the password every time sudo is invoked, thereby increasing security and reducing the risk of unauthorized access.

6.2. Restricting Accessible Commands

If we want certain users to run only specific commands with sudo, we can enforce this restriction. For example, to allow the user baeldung to run only file management commands like cp, mv, and ls with sudo, we can modify the sudoers file like this:

baeldung ALL=(ALL) /bin/cp, /bin/mv, /bin/ls

This adds an extra layer of security by limiting the actions allowed with sudo.

7. Testing the Configuration

Now that everything is set up, we can test whether the user can use sudo correctly. We log in as the newly created user with the following command:

$ su - baeldung

Next, we can test sudo by running a simple command, such as:

$ sudo ls /root

Once everything is set up correctly, the system first prompts the user for their password. After the password is entered, the system displays the contents of the /root directory, which is typically inaccessible to standard users.

8. Conclusion

In this article, we’ve seen that installing sudo on Alpine Linux is a straightforward process that significantly enhances user management and system security.

By adding sudo, we can improve system security by granting elevated privileges to users without constantly using the root account. Additionally, it enables the logging of critical commands and allows for fine adjustments to user permissions. As a result, these steps strengthen and secure Alpine Linux system.