12/20/2023 0 Comments Give user sudo access![]() ![]() ![]() You don’t need to have 100% trust with sudo as you would with su. ![]() With sudo, you can have tight control over your system, allowing certain users access to certain tasks as root without giving them control of your entire box. ![]() Which of these choices do you think is the best? Or you can use sudo to grant the person access to restart the web server, as root, without the root password and without giving them global root access to your system. You can not give them access, and have the server down until you are able to bring it up (a viable option, perhaps, but not too good for business). The first is to give this person the root password to your system, in case they need to restart the server. Because Apache binds to port 80, you need to be root in order to restart it, so you can bind to the port. You can give this client, or another administrator on site, su access to your system to allow them to restart the web server. If you need to be away from your system for prolonged access, you need a system with which you can restart Apache should something happen to it. You run a web server and you have an important client who you have given shell access to your account. This isn’t a tool to help you monitor security, but it is a tool to allow you to secure your system a little further, especially if you run a box that needs to at times allow other users some extra (root) privilege. How to add particular user to the sudoers?Īdd the following lines (allows user tuxfixer to execute root’s commands after password authentication): # Allows tuxfixer to run all commandsĥ.One of my favorite security tools is sudo. #3) With great power comes great responsibility. It usually boils down to these three things: We trust you have received the usual lecture from the local SystemĪdministrator. Try to execute some admninistrative command (that usually requires root authentication) as regular user using sudo: ~]$ sudo systemctl stop libvirtd Logout as root and login as newly created regular user: ~]# Verify supplementary group for the user: ~]# id tuxfixer Add regular user to the wheel supplementary group: ~]# usermod -aG wheel tuxfixer Note: never edit sudoers file using different tools than visudo, which edits the sudoers file in a safe fashion – it locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.ĥ. Uncomment wheel parameter by removing # mark (allows users in wheel group to execute root’s commands after password authentication): # Allows people in group wheel to run all commands Passwd: all authentication tokens updated successfully.Įdit /etc/sudoers file using visudo command: ~]# visudo Set password for new user ~]# passwd tuxfixer Create regular user ~]# useradd tuxfixerģ. How to add regular user to the wheel group and give the wheel group the unlimited access?Ģ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |