- A Cloud Guru
Managing Privilege Elevation in SUSE Linux Enterprise
In this hands-on lab, we will be looking at how we can delegate privilege elevation and allow users to access sensitive areas of the system in a controlled manner.
Table of Contents
Configure `sudo` to Create an `ADMINUSER` `User_Alias` Containing `testuser` and an `ADMINTASKS` `Cmnd_Alias` for the Required Commands. Verify `testuser` Can Complete the Commands.
sudo -i visudo
Edit the contents of the file so it contains these lines in the appropriate sections (Hint: Use
/to find the areas, and there are three lines of content to be added.):
User_Alias ADMINUSER = testuser Cmd_Alias ADMINTASKS = /usr/sbin/useradd, /bin/passwd, sudoedit /etc/hosts ADMINUSER ALL=ADMINTASKS
Comment out the following lines (
Defaults targetpwmay not exist):
#Defaults targetpw #ALL ALL=(ALL)ALL
Save the file and verify
testuseris able to create a user:
su testuser #password is P@ssw0rd sudo useradd someuser
grep some /etc/passwd
Grant `admin_user` the Same Permissions as the `root` User
rootentry to the next line and substitute
rootin the user position:
root ALL=(ALL)ALL admin_user ALL=(ALL)All
Save and exit, and then become the
visudoto see if you are allowed:
Exit the file.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.