DevOps 1.2: All about Sudo!
Dive deep into the world of sudo with DevOps 1.2! Learn the ins and outs of running secure sudo commands. Get ready to elevate your access control!
Sudo: Superuser Do!
Sudo is a powerful command in Unix-based operating systems that allows users to execute commands with elevated privileges or as the "superuser" (root). It stands for "superuser do" and enables authorized users to perform administrative tasks without having to log in directly as the root user.
The use of sudo is crucial for maintaining system security and preventing unauthorized access to sensitive resources. It helps enforce the principle of least privilege by granting temporary administrative access only when necessary, reducing the risk of accidental or malicious actions that could compromise system integrity.
So, next time you need to perform administrative tasks, remember to use sudo and wield your superuser powers responsibly!
Use cases of Sudo: Unleashing Superuser Powers!
sudo -i
- Switch from a normal user to the root user (opens a root login shell).
Empower Any User (e.g. Ansible) to Execute Sudo Commands:
If you run sudo as a user that is not present in the sudoers file, it will show the error below -
ls -l /etc/sudoers
- Shows the permissions and ownership of the sudoers file.
As you can see, there is no write permission even for the root user.
Run visudo to open the sudoers file in Vim and add the 101st line to the file.
As you can see below, we are not getting the error anymore:
If you want sudo to stop asking for a password, which is not wanted when scripts are executed in the background, add this as line 101. The line below ensures that ansible is not asked for its own password when executing sudo -
NOTE - If there is a syntax error or human error in the sudoers file, visudo will detect it and ask you to edit the file again.
If you don't have a root user password (generally there is none, for security reasons), it will be difficult to fix the error.
Forge Your Own Sudoers File -
So a better solution is to go to the /etc/sudoers.d/ directory and create your own file -
[root@bazinga ~] cd /etc/sudoers.d/
[root@bazinga sudoers.d] ls
vagrant
[root@bazinga sudoers.d] cat vagrant
Defaults:vagrant !fqdn
Defaults:vagrant !requiretty
vagrant ALL=(ALL) NOPASSWD: ALL
[root@bazinga sudoers.d] cp vagrant devops
[root@bazinga sudoers.d] vim devops
[No write since last change]
/bin/bash: line 1: wq: command not found
shell returned 127
Press ENTER or type command to continue
[root@bazinga sudoers.d] cat devops   # the leading % marks devops as a group
%devops ALL=(ALL) NOPASSWD: ALL
[root@bazinga sudoers.d] cat *
%devops ALL=(ALL) NOPASSWD: ALL
Defaults:vagrant !fqdn
Defaults:vagrant !requiretty
vagrant ALL=(ALL) NOPASSWD: ALL
[root@bazinga sudoers.d]
So now any user who belongs to the devops group can use sudo. This is a safer option than editing the sudoers file itself.
There is more to the sudoers file; for example, you can also list the specific commands a user is allowed to execute.
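The session above edits the drop-in with plain vim, which skips the syntax check that visudo performs, and a syntax error in a file under /etc/sudoers.d can break sudo just like one in /etc/sudoers. The sketch below is an added example, not part of the original post: it stages the rule, checks it with visudo -cf, and only then moves it into place with mode 0440. The function name install_dropin and the VISUDO override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: stage, validate, then install a sudoers drop-in.
# install_dropin and VISUDO are hypothetical names chosen for this sketch.
VISUDO="${VISUDO:-visudo}"

install_dropin() {
    # $1 = drop-in file name, $2 = rule text, $3 = target dir (optional)
    name=$1; rule=$2; dir=${3:-/etc/sudoers.d}

    # sudo skips files in sudoers.d whose names contain '.' or end in '~',
    # so such a file would be silently ignored. Reject it up front.
    case $name in
        ''|*.*|*~|*/*) echo "bad drop-in name: $name" >&2; return 2 ;;
    esac

    # Stage next to the target so the final mv is an atomic rename.
    # The dotted temp name means sudo ignores the file while it is staged.
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 3
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check the staged file before it can affect sudo.
    if ! $VISUDO -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "syntax check failed, nothing installed" >&2
        return 1
    fi
    mv -f "$tmp" "$dir/$name"
}

# Usage (as root), with the rule from the session above:
#   install_dropin devops '%devops ALL=(ALL) NOPASSWD: ALL'
```

For interactive edits, visudo -f /etc/sudoers.d/devops gives the same syntax check as editing /etc/sudoers through visudo.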
Conclusion:
In a world filled with code and commands, you've reached the end of this epic journey! The tale of Sudo, the magical command that grants power, has unfolded before your eyes. From understanding its purpose to exploring its use cases, you've delved into the depths of system administration.
With the knowledge of Sudo, you can now wield the mighty power to execute commands as a superuser. Your path to becoming a tech wizard has been illuminated, and you hold the key to unlocking the full potential of your system.
Remember, with great power comes great responsibility - "a sudo user"