If you wish to give any other account full root access through sudo, simply add them to the sudo group. You should read more on Sudo by reading the man page: man sudoīy default, the initial user created by the Ubuntu installer is a member of the group sudo which is added to the file /etc/sudoers as an authorized sudo user. To disable the root account password, use the following passwd syntax: sudo passwd -l root
UBUNTU SUDO AS ANOTHER USER PASSWORD
Retype new UNIX password: (repeat new password for root) Sudo will prompt you for your password, and then ask you to supply a new password for root as shown below: password for username: (enter your own password)Įnter new UNIX password: (enter a new password for root) If for some reason you wish to enable the root account, simply give it a password: sudo passwd This simple yet effective methodology provides accountability for all user actions, and gives the administrator granular control over which actions a user can perform with said privileges. Sudo allows an authorized user to temporarily elevate their privileges using their own password instead of having to know the password belonging to the root account. Instead, users are encouraged to make use of a tool by the name of ‘sudo’ to carry out system administrative duties.
It merely has been given a password hash which matches no possible value, therefore may not log in directly by itself. This does not mean that the root account has been deleted or that it may not be accessed. Ubuntu developers made a conscientious decision to disable the administrative root account by default in all Ubuntu installations. Therefore, it is important that you understand how you can protect your server through simple and effective user account management techniques. Ineffective user and privilege management often lead many systems into being compromised. User management is a critical part of maintaining a secure system. If you’re working with multiple users, understanding the sudo command and the sudoers file is an absolute must.Multi-node configuration with Docker-Composeĭistributed Replicated Block Device (DRBD) Now the user bill will be able to run the tcpdump command along with other networking related commands. Next we add user bill to the netadmin group: sudo adduser bill netadmin The command tcpdump is under CAPTURE alias i.e. NETALL in turn include all commands under CAPTURE and SERVERS aliases. Users in the netadmin group can run commands specified in NETALL. What we have done in the above file is create a netadmin group. Use the following command to create the file: sudo visudo -f /etc/sudoers.d/networkingĪdd following text in the file: Cmnd_Alias CAPTURE = /usr/sbin/tcpdumpĬmnd_Alias SERVERS = /usr/sbin apache2ctl, /usr/bin/htpasswd To do so we create a configuration file in /etc/sudoers.d/ called networking. What if we want bill to be able to run only specific kinds of commands with sudo privileges, like networking? Use the Sudoers File to Grant Specific Privileges Now the user bill can no longer perform actions that require sudo privileges.
The deluser command will remove bill from the sudo group. To remove a user from sudo: deluser bill sudo If you want to give anyone root privileges just add them to sudo. If we use the grep command to check who is in the group, we’ll see the username bill. To add a user called bill to the sudo group, we use the adduser command in the command line, like so: adduser bill sudo To see which users are in the sudo group we can use a grep command: grep ‘sudo’ /etc/group Visudo makes sure that sudoers is edited by one user at a time and provides necessary syntax checks. It is recommended to use visudo to edit the sudoers file. To edit /etc/sudoers file, use following command: sudo visudo -f /etc/sudoers %sudo ALL=(ALL:ALL ) ALL – all users in the sudo group have the privileges to run any commandĪnother line of interest is #includedir /etc/sudoers.d, this means we can add configurations to the file sudoers.d and link it here.Anyone in the admin group has the same privileges as of root user %admin ALL=(ALL) ALL – the % sign specifies a group.
root ALL=(ALL:ALL) ALL – this line means that the root user has unlimited privileges and can run any command on the system.Let’s look at some of the formats and rules to follow when editing sudoers:
0 kommentar(er)
