- Lab
- A Cloud Guru
Create New sudo Users
In a proper production environment, not every user that needs elevated privileges for a server will have the `root` password. Instead, those users that need to perform system administrative tasks would be granted the ability to use the `sudo` command when elevated privileges are needed. This learning activity will provide an opportunity to create new users that will be granted varying degrees of `sudo` access.
Path Info
Table of Contents
-
Challenge
Create two new users.
- Create two new users on the system, and assign the
avanceuser to thewheelsupplemental group:
sudo useradd -m gfreeman sudo useradd -G wheel -m avance- Set the password for both accounts to
LASudo321:
sudo passwd gfreeman sudo passwd avance - Create two new users on the system, and assign the
-
Challenge
Verify the `/etc/sudoers` file and test access.
- Using the
visudocommand, verify that the/etc/sudoersfile will allow thewheelgroup access to run all commands withsudo. There should not be a comment (#) on this line of the file:
%wheel ALL=(ALL) ALL- From the
cloud_userlogin, use thesu(substitute user) command to switch to theavanceaccount, and use the dash (-) to utilize a login shell:
sudo su - avance- As the
avanceuser, attempt to read the/etc/shadowfile at the console:
cat /etc/shadow- As a regular user,
avancedoes not have sufficient privileges to do so. Rerun the command with thesudocommand:
sudo cat /etc/shadow- After you have verified that
avancecan read the/etc/shadowfile, log out of that account:
exit - Using the
-
Challenge
Set up the web administrator.
Now we need to configure
gfreeman's account to have the ability to restart or reload the web server when needed. Since he will be the webmaster, he needssudopermissions to restart the service.- First, create a new
sudoersfile in the/etc/sudoers.ddirectory that will contain a standalone entry for webmasters. Use the-foption with thevisudocommand to create this new file:
sudo visudo -f /etc/sudoers.d/web_admin- Enter in the following at the top of the file. This will create an alias command group that we can apply to any user or group that we add to this file. This group of commands will contain the necessary commands for restarting or reloading the web server:
Cmnd_Alias WEB = /bin/systemctl restart httpd.service, /bin/systemctl reload httpd.service- Add another line in the file for
gfreemanto be able to use thesudocommand in conjunction with any commands listed in the WEB alias:
gfreeman ALL=WEB-
Save and close the file.
-
Next, log into the
gfreemanaccount:
sudo su - gfreeman- Attempt to restart the web service:
sudo systemctl restart httpd.service- Now
gfreemancan restart the web server. As thegfreemanuser, try to read the newweb_admin sudoersfile with thesudocommand:
sudo cat /etc/sudoers.d/web_adminSince the
catcommand is not listed in the command alias group for WEB,gfreemancannot usesudoto read this file. - First, create a new
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
