Managing Privilege Elevation in SUSE Linux Enterprise

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will be looking at how we can delegate privilege elevation and allow users to access sensitive areas of the system in a controlled manner.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure `sudo` to Create an `ADMINUSER` `User_Alias` Containing `testuser` and an `ADMINTASKS` `Cmnd_Alias` for the Required Commands. Verify `testuser` Can Complete the Commands.
  1. Edit the sudoers file:

    sudo -i visudo
  2. Edit the contents of the file so it contains these lines in the appropriate sections (Hint: Use / to find the areas, and there are three lines of content to be added.):

    User_Alias ADMINUSER = testuser
    Cmnd_Alias ADMINTASKS = /usr/sbin/useradd, /bin/passwd, sudoedit /etc/hosts
    ADMINUSER ALL=ADMINTASKS
  3. Comment out the following lines (Defaults targetpw may not exist):

    #Defaults targetpw
    #ALL ALL=(ALL)ALL
  4. Save the file and verify testuser is able to create a user:

    su testuser   #password is P@ssw0rd
    sudo useradd someuser
  5. See if someuser appears in /etc/passwd:

    grep some /etc/passwd
Grant `admin_user` the Same Permissions as the `root` User
  1. As the cloud_user, edit sudoers:

    visudo
  2. Copy the root entry to the next line and substitute admin_user for root in the user position:

    root ALL=(ALL) ALL
    admin_user ALL=(ALL) ALL
  3. Save and exit, and then become the admin_user:

    su admin_user 
  4. Run visudo to see if you are allowed:

    sudo visudo
  5. Exit the file.
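
To see what the alias indirection from both objectives resolves to, the sketch below expands `User_Alias` and `Cmnd_Alias` entries into the concrete commands granted to one user. It is an added example, not part of the lab: `effective_cmds` is a hypothetical helper, the sample rules are constructed from the lines above, and the parser is deliberately simplified (assumptions are listed in its first comment).

```shell
# Added example: simplified sudoers reader. Not handled: includes, line
# continuations, negation, groups, host and runas matching.
effective_cmds() {  # usage: effective_cmds FILE USER (hypothetical helper)
  awk -v user="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function has(list, item,   a, n, i) {              # is item in comma list?
      n = split(list, a, ",")
      for (i = 1; i <= n; i++) if (trim(a[i]) == item) return 1
      return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /^Defaults/ { next }
    $1 == "Host_Alias" || $1 == "Runas_Alias" { next }
    $1 == "User_Alias" || $1 == "Cmnd_Alias" {
      kind = $1; def = $0
      sub(/^[ \t]*[A-Za-z_]+[ \t]+/, "", def)          # drop the keyword
      eq = index(def, "=")
      alias[kind, trim(substr(def, 1, eq - 1))] = trim(substr(def, eq + 1))
      next
    }
    $1 ~ /_Alias$/ {                                   # e.g. a misspelled keyword
      printf "line %d: unknown keyword %s\n", NR, $1 > "/dev/stderr"
      bad = 1; next
    }
    { who[++rules] = $1; spec = $0
      sub(/^[^=]*=[ \t]*/, "", spec)                   # drop "user host="
      sub(/^\([^)]*\)[ \t]*/, "", spec)                # drop optional "(runas)"
      cmds[rules] = spec }
    END {
      for (i = 1; i <= rules; i++) {
        if (who[i] != user && who[i] != "ALL" && !has(alias["User_Alias", who[i]], user)) continue
        m = split(cmds[i], c, ",")
        for (j = 1; j <= m; j++) {
          name = trim(c[j])
          if (("Cmnd_Alias", name) in alias) {         # expand a command alias
            k = split(alias["Cmnd_Alias", name], e, ",")
            for (x = 1; x <= k; x++) print trim(e[x])
          } else print name
        }
      }
      exit bad + 0                                     # non-zero if a keyword was rejected
    }' "$1"
}

SAMPLE=$(mktemp)   # constructed sample: the rules from this lab
printf '%s\n' 'User_Alias ADMINUSER = testuser' \
  'Cmnd_Alias ADMINTASKS = /usr/sbin/useradd, /bin/passwd, sudoedit /etc/hosts' \
  'ADMINUSER ALL=ADMINTASKS' 'root ALL=(ALL) ALL' 'admin_user ALL=(ALL) ALL' > "$SAMPLE"
effective_cmds "$SAMPLE" testuser
```

On the lab host itself, `visudo -c` and `sudo -l -U testuser` remain the authoritative checks of syntax and effective rights.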

Additional Resources

You have decided it is time to delegate some tasks to members of your team. The testuser account will be used to create users and manage passwords as well as set hosts settings for the server.

Additionally, you have onboarded a new admin_user, and they should have the same permissions as root.

Using sudoers, allow testuser to add users, change passwords, and set hosts entries.

Using sudoers, provide the admin_user permissions equivalent to root.

All user passwords are P@ssw0rd.
