Making use of sudoers – configuring sudo access
Whenever the system administrator wants to provide trusted users administrative access to the system without sharing the password of the root user, they can do so using the sudo mechanism.
Once the user is given access using the sudo mechanism, they can execute any administrative command by preceding it with sudo. Then, the user will be asked to enter their own password. After this, the administrative command will be executed in the same way as run by the root user.
Getting ready
As the file for the configuration is predefined and the commands used are inbuilt, nothing extra needs to be configured before starting these steps.
How to do it…
- We will first create a normal account and then give it
sudoaccess. Once done, we will be able to use thesudocommand from the new account and then execute the administrative commands. Follow the steps given to configure thesudoaccess. Firstly, use the root account to login to the system. Then, create a user account using theuseraddcommand, as shown in the following figure:
Replace
USERNAMEwith any name of your choice in the preceding command. - Now, using the
passwdcommand, set a password for the new user account.
- Edit the
/etc/sudoersfile by runningvisudo. The policies applied when using thesudocommand are defined by the/etc/sudoersfile.
- Once the file is open in the editor, search for the following lines, which allow
sudoaccess to the users in thetestgroup:
- We can enable the given configuration by deleting the comment character (
#) at the beginning of the second line. Once the changes are made, save the file and exit from the editor. Now, using theusermodcommand, add the previously created user to thetestgroup.
- We need to check whether the configuration shown in the preceding screenshot allows the new user account to run commands using
sudo. - To switch to the newly created user account, use the
suoption.
- Now, use the
groupscommand to confirm the presence of the user account in thetestgroup.
Finally, run the
whoamicommand withsudofrom the new account. As we have executed a command that usessudofor the first time, using this new user account, the default banner message will be displayed for thesudocommand. The screen will also ask for the user account password to be entered.
- The last line of the preceding output is the username returned by the
whoamicommand. Ifsudois configured correctly, this value will beroot.
You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user.
How it works…
When we create a new account, it does not have permission to run administrator commands. However, after editing the /etc/sudoers file and making an appropriate entry to grant sudo access to the new user account, we can start using the new user account to run all the administrator commands.
There's more…
Here is an extra measure that you can take to ensure total security.
Vulnerability assessment
A vulnerability assessment is the process of auditing our network and system security through which we can know about the confidentiality, integrity, and availability of our network. The first phase in the vulnerability assessment is reconnaissance, and this further leads to the phase of system readiness in which we mainly check for all known vulnerabilities in the target. The next phase is reporting, where we group all the vulnerabilities found into categories of low, medium, and high risk.
