CentOS Stream 9: Sudo Settings

By Fajar Vicky
step-1

Initial Settings

Configure Sudo to separate users' duty if some people share privileges. It does not need to install sudo manually because it is installed by default even if Minimal installed environment.

Step [1] Transfer root privilege all to a user.


[root@bizantum ~]# visudo
# add to the end: user [cent] can use all root privilege
cent  ALL=(ALL)       ALL

# how to write ⇒ destination host=(owner) command
# verify with user [cent]
[cent@bizantum ~]$ /usr/bin/cat /etc/shadow
/usr/bin/cat: /etc/shadow: Permission denied   # denied normally
[cent@bizantum ~]$ sudo /usr/bin/cat /etc/shadow
Password:     # user's own password

.....
.....
systemd-oom:!*:18957::::::
systemd-resolve:!*:18957::::::     # just executed

Step [2] In addition to the setting of Step [1], set some commands prohibit.


[root@bizantum ~]# visudo
# line 25 : add
# for example, set alias for the kind of shutdown commands
Cmnd_Alias SHUTDOWN = /usr/sbin/halt, /usr/sbin/shutdown, \
/usr/sbin/poweroff, /usr/sbin/reboot, /usr/sbin/init, /usr/bin/systemctl

# add ( prohibit commands in alias [SHUTDOWN] )
cent  ALL=(ALL)       ALL, !SHUTDOWN

# verify with user [cent]
[cent@bizantum ~]$ sudo /usr/sbin/reboot
[sudo] password for cent:
Sorry, user cent is not allowed to execute '/usr/sbin/reboot' as root on bizantum.local.   # denied normally

Step [3] Transfer some commands with root privilege to users in a group. 


[root@bizantum ~]# visudo
# line 25 : add
# for example, set alias for the kind of user management commands
Cmnd_Alias USERMGR = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, \
/usr/bin/passwd

# add to the end
%usermgr ALL=(ALL) USERMGR

[root@bizantum ~]# groupadd usermgr
[root@bizantum ~]# usermod -aG usermgr redhat
# verify with user [redhat]
[redhat@bizantum ~]$ sudo /usr/sbin/useradd testuser
[redhat@bizantum ~]$ sudo /usr/bin/passwd testuser
Changing password for user testuser.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.   # just executed

Step [4] Transfer a command with root privilege to a user


[root@bizantum ~]# visudo
# add to the end : settings for each user
fedora  ALL=(ALL)       /usr/sbin/visudo
ubuntu  ALL=(ALL)       /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
debian  ALL=(ALL)       /usr/bin/vi

# for example, verify with user [fedora]
[fedora@bizantum ~]$ sudo /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##   # just executed

Step [5] It's possible to display Sudo logs on Journald ( with [journalctl] command ) or Rsyslogd ( in [/var/log/secure] file ), however, if you'd like to keep only Sudo logs in another file, Configure like follows.


[root@bizantum ~]# visudo
# add to the end
# for example, output logs to [local1] facility
Defaults syslog=local1
[root@bizantum ~]# vi /etc/rsyslog.conf
# line 46,47 : add like follows
*.info;mail.none;authpriv.none;cron.none;local1.none    /var/log/messages
local1.*                                                /var/log/sudo.log

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

[root@bizantum ~]# systemctl restart rsyslog

Comments

Post a Comment

Thank you for your comment! We appreciate your feedback, feel free to check out more of our articles.
Best regards, Bizantum Blog Team.

Popular posts from this blog

What is Random Access Memory (RAM)?

What is Random Access Memory (RAM)?

Random Access Memory (RAM) is one of the essential components in computer hardware. RAM is responsible for storing and retrieving data quickly, which is why it is often referred to as the "working memory" of a computer. This memory allows the computer to perform various tasks efficiently by providing temporary space for data and instructions that are being processed by the processor. In this article, we will take a closer look at what RAM is, how it works, and why it is important for the overall performance of a computer system.
Continue reading
By Fajar Vicky
Top SEO Tools for Digital Marketing: A Comprehensive Guide

Top SEO Tools for Digital Marketing: A Comprehensive Guide

Introduction In today's digital landscape, search engine optimization (SEO) is a critical component for any business looking to enhance its online presence and drive organic traffic. With the myriad of SEO tools available, navigating the digital marketing space can seem daunting. To streamline your efforts and achieve optimal results, it's essential to leverage the right tools that cater to your specific needs.
Continue reading
By Fajar Vicky
What does a data analyst do?

What does a data analyst do?

Did you know that 2.5 quintillion bytes of data are created every day? That’s equivalent to 250,000 Libraries of Congress, or 5 million laptops! In this ocean of data, how do we make sense of it all? That’s where data analysts come in. Data analysts are the detectives of the digital world, using their skills and tools to uncover patterns, trends, and insights from data. They help businesses and organizations make informed decisions, solve problems, and seize opportunities. Whether it’s predicting customer behavior, optimizing marketing campaigns, improving healthcare outcomes, or enhancing educational experiences, data analysts play a crucial role in shaping our world.
Continue reading
By
What is DOS?

What is DOS?

Have you ever wondered how your computer knows what to do? The answer lies in the operating system, or OS. One of the oldest and most influential operating systems is DOS, or Disk Operating System. DOS is like a command center that tells the computer what to do and how to do it. Unlike modern operating systems, DOS uses text-based commands instead of graphical user interfaces. While it may seem simple and primitive, DOS is also fast, powerful, and flexible. However, it also has its drawbacks, such as its complexity and obsolescence. In this article, we will explore the fascinating world of DOS.
Continue reading
By
How To Get Started With No-Code and Low-Code

How To Get Started With No-Code and Low-Code

Imagine your boss asks you to develop custom software for your company. But you and your team don’t have the time or experience in coding. And there’s no developer available at the moment as well. Panicking? Well, don’t. With low code/no code programming, you don’t have to be a developer to do any programming-related task. In recent years, many platforms have made it possible for programmers with little to no development experience to deliver software while meeting the needs of professional developers under time pressure. Without worrying about the specifics of underlying operating systems or scalability needs,
Continue reading
By
What is Github?

What is Github?

GitHub is a powerful and widely-used web-based platform designed for version control and collaboration , especially for developers. Built upon Git, it allows users to store, manage, and track their code projects efficiently. Beyond its repository-hosting capabilities, GitHub fosters teamwork by enabling developers to work together seamlessly, review changes, and contribute to open-source projects from anywhere in the world. Whether you're a seasoned programmer or a beginner, GitHub provides essential tools to streamline coding and project management in one centralized platform. But what exactly is it? In this article, we’ll break down everything you need to know about this essential tool for collaborative coding.
Continue reading
By