In this hands-on lab, we will be looking at how we can delegate privilege elevation and allow users to access sensitive areas of the system in a controlled manner.
Successfully complete this lab by achieving the following learning objectives:
- Configure `sudo` to Create an `ADMINUSER` `User_Alias` Containing `testuser` and an `ADMINTASKS` `Cmnd_Alias` for the Required Commands. Verify `testuser` Can Complete the Commands.
```
sudo -i visudo
```
Edit the contents of the file so it contains these lines in the appropriate sections (Hint: Use `/` to find the areas; there are three lines of content to be added):
```
User_Alias ADMINUSER = testuser
Cmnd_Alias ADMINTASKS = /usr/sbin/useradd, /bin/passwd, sudoedit /etc/hosts
ADMINUSER ALL=ADMINTASKS
```
Comment out the following lines (`Defaults targetpw` may not exist):
```
#Defaults targetpw
#ALL ALL=(ALL)ALL
```
Save the file and verify `testuser` is able to create a user:
```
su testuser  # password is P@ssw0rd
sudo useradd someuser
grep some /etc/passwd
```
- Grant `admin_user` the Same Permissions as the `root` User
`root` entry to the next line and substitute `root` in the user position:
```
root ALL=(ALL)ALL
admin_user ALL=(ALL)ALL
```
Save and exit, and then become the
`visudo` to see if you are allowed:
Exit the file.
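As an added example (not part of the lab), this Python sketch lints sudoers entries like the lab's for two spelling- and case-sensitive slips that stop a rule from meaning what was intended: a misspelled alias keyword, and a command that is not exactly `ALL`, `sudoedit`, an absolute path or a defined `Cmnd_Alias`. The names `lint_sudoers` and `SAMPLE` are hypothetical, the sample is constructed, and only a simplified subset of sudoers syntax is handled (no line continuations, escaped commas or multi-alias lines).

```python
import re

ALIAS_KINDS = {"User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias"}
ALIAS_DEF = re.compile(r"(\w*_Alias)\s+([^\s=]+)\s*=\s*(.*)")
USER_SPEC = re.compile(r"\S+\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?(.*)")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # e.g. NOPASSWD:

# Constructed sample: the lab's entries with two slips (lines 2 and 5).
SAMPLE = """\
User_Alias ADMINUSER = testuser
Cmd_Alias ADMINTASKS = /usr/sbin/useradd, /bin/passwd, sudoedit /etc/hosts
ADMINUSER ALL=ADMINTASKS
root ALL=(ALL)ALL
admin_user ALL=(ALL)All
"""

def lint_sudoers(text):
    """Return sorted [(line_no, message)] for a simplified sudoers subset."""
    problems, cmnd_aliases, cmd_lists = [], set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults", "@include")):
            continue  # comments, includes and Defaults are not checked here
        m = ALIAS_DEF.fullmatch(line)
        if m:
            kind, name, members = m.groups()
            if kind not in ALIAS_KINDS:
                problems.append((n, f"unknown alias keyword {kind!r}"))
            elif kind == "Cmnd_Alias":
                cmnd_aliases.add(name)
                cmd_lists.append((n, members))
            continue
        m = USER_SPEC.fullmatch(line)
        if m:
            cmd_lists.append((n, m.group(1)))
        else:
            problems.append((n, "not an alias or a user specification"))
    # Second pass, once every Cmnd_Alias is known: each command must be ALL,
    # sudoedit, an absolute path, or a defined Cmnd_Alias (case-sensitive).
    for n, cmds in cmd_lists:
        for cmd in cmds.split(","):
            word = (TAGS.sub("", cmd.strip()).lstrip("! ").split() or [""])[0]
            if word not in ("ALL", "sudoedit", *cmnd_aliases) and not word.startswith("/"):
                problems.append((n, f"{word!r} is not ALL, sudoedit, a path or a Cmnd_Alias"))
    return sorted(problems)

if __name__ == "__main__":
    for n, msg in lint_sudoers(SAMPLE):
        print(f"line {n}: {msg}")
```

On a real system, `visudo -c` remains the authoritative syntax check; this sketch only illustrates why the exact keyword spelling and case matter.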