It is generally considered an administrative best practise to avoid logging in and/or operating with elevated privileges, to the extent reasonable to do so. Therefore one needs a user that is not root for performing most operations, but which can gain elevated access when required. In addition if, as recommended, one prevents root login over SSH one needs a user than one can SSH into and gain temporary elevated privileges. (Assuming a remotely accessed system, of course).
adduser -g ",,," newadmin newadmin
sudo is the traditional tool,
doas comes from the *BSD world; both give elevated access. Discussing the relative merits is out of scope here, but we will use
doas in our examples.
apk add doas
apk add sudo
newadmin user as a
doas user. Edit
/etc/doas.d/doas.conf so that it contains:
- In a new virtual terminal (e.g via
Ctrl-Alt-F2) login at the
loginprompt as your
newadminuser or start a new SSH session as
doas ls -al /root
- You should see the directory listing for
/rootwhich is owned and readable only by the
Otherwise they will be lost on reboot.
doas lbu commit