Ubuntu 22.04 LTS: Manage Sudo

By Fajar Vicky
ubuntu22-04

Initial Settings

This section explain how to install and configure Sudo to separate users' duty if some people share privileges.

Step [1] Install Sudo.


root@bizantum:~# apt -y install sudo

Step [2] Grant root privilege to a user all.


root@bizantum:~# visudo
# add to the end: user [ubuntu] can use all root privilege
ubuntu    ALL=(ALL:ALL) ALL

# how to write ⇒ [user] [host=(owner)] [command]
# push [Ctrl + x] key to quit visudo
# verify with user [ubuntu]
ubuntu@bizantum:~$ /sbin/reboot
Failed to set wall message, ignoring: Interactive authentication required.
Failed to reboot system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.
# denied normally
ubuntu@bizantum:~$ sudo /sbin/reboot
[sudo] password for ubuntu:                # password of [ubuntu]

Session terminated, terminating shell...   # run normally

Step [3] In addition to the setting of Step [2], add settings that some commands are not allowed.


root@bizantum:~# visudo
# add alias for the kind of shutdown commands
# Cmnd alias specification

Cmnd_Alias SHUTDOWN = /sbin/halt, /sbin/shutdown, \
/sbin/poweroff, /sbin/reboot, /sbin/init, /bin/systemctl 

# add (commands in alias [SHUTDOWN] are not allowed)
ubuntu    ALL=(ALL:ALL) ALL, !SHUTDOWN

# verify with user [ubuntu]
ubuntu@bizantum:~$ sudo /sbin/shutdown -r now
[sudo] password for ubuntu:

Sorry, user ubuntu is not allowed to execute '/sbin/shutdown -r now' as root on ubuntu.
# denied normally

Step [4] Grant privilege of some commands to users in a group.


root@bizantum:~# visudo
# add alias for the kind of user management comamnds
# Cmnd alias specification
Cmnd_Alias USERMGR = /usr/sbin/adduser, /usr/sbin/useradd, /usr/sbin/newusers, \
/usr/sbin/deluser, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd 

# add to the end
%usermgr ALL=(ALL) USERMGR
root@bizantum:~# groupadd usermgr
root@bizantum:~# vi /etc/group
# add a user in this group
usermgr:x:1002:ubuntu
# verify with user [ubuntu]
ubuntu@bizantum:~$ sudo /usr/sbin/useradd testuser
ubuntu@bizantum:~$     # run normally
ubuntu@bizantum:~$ sudo /usr/bin/passwd testuser
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Step [5] Grant privilege of some commands to a user. 


root@bizantum:~# visudo
# add to the end for each user setting
fedora    ALL=(ALL:ALL) /usr/sbin/visudo
centos    ALL=(ALL:ALL) /usr/sbin/adduser, /usr/sbin/useradd, /usr/sbin/newusers, \
                        /usr/sbin/deluser, /usr/sbin/userdel, /usr/sbin/usermod, /usr/bin/passwd
debian    ALL=(ALL:ALL) /usr/bin/vim

# verify with user [fedora]
fedora@bizantum:~$ sudo /usr/sbin/visudo
# run normally
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
# verify with user [centos]
centos@bizantum:~$ sudo /usr/sbin/userdel -r testuser
centos@bizantum:~$     # run normally
# verify with user [debian]
debian@bizantum:~$ sudo /usr/bin/vim /root/.profile
# run normally
# ~/.profile: executed by Bourne-compatible login shells.

Step [6] It's possible to display Sudo logs on Journald ( with [journalctl] command ) or Rsyslogd ( in [/var/log/auth.log] file ), however, if you'd like to keep only Sudo logs in another file, Configure like follows.


root@bizantum:~# visudo
# add to the end
Defaults syslog=local1
root@bizantum:~# vi /etc/rsyslog.d/50-default.conf
# line 8 : add
local1.*                        /var/log/sudo.log
auth,authpriv.*;local1.none     /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog

root@bizantum:~# systemctl restart rsyslog

Comments

Post a Comment

Thank you for your comment! We appreciate your feedback, feel free to check out more of our articles.
Best regards, Bizantum Blog Team.

Popular posts from this blog

Windows Server 2019: How to Install Docker

Windows Server 2019: How to Install Docker

Introduction Docker is an open-source platform that enables developers to automate the deployment, scaling, and management of applications through containerization. Containers encapsulate an application and its dependencies, ensuring consistent behavior across different environments.
Continue reading
By Fajar Vicky
What is Random Access Memory (RAM)?

What is Random Access Memory (RAM)?

Random Access Memory (RAM) is one of the essential components in computer hardware. RAM is responsible for storing and retrieving data quickly, which is why it is often referred to as the "working memory" of a computer. This memory allows the computer to perform various tasks efficiently by providing temporary space for data and instructions that are being processed by the processor. In this article, we will take a closer look at what RAM is, how it works, and why it is important for the overall performance of a computer system.
Continue reading
By Fajar Vicky
What does a data analyst do?

What does a data analyst do?

Did you know that 2.5 quintillion bytes of data are created every day? That’s equivalent to 250,000 Libraries of Congress, or 5 million laptops! In this ocean of data, how do we make sense of it all? That’s where data analysts come in. Data analysts are the detectives of the digital world, using their skills and tools to uncover patterns, trends, and insights from data. They help businesses and organizations make informed decisions, solve problems, and seize opportunities. Whether it’s predicting customer behavior, optimizing marketing campaigns, improving healthcare outcomes, or enhancing educational experiences, data analysts play a crucial role in shaping our world.
Continue reading
By
What is DOS?

What is DOS?

Have you ever wondered how your computer knows what to do? The answer lies in the operating system, or OS. One of the oldest and most influential operating systems is DOS, or Disk Operating System. DOS is like a command center that tells the computer what to do and how to do it. Unlike modern operating systems, DOS uses text-based commands instead of graphical user interfaces. While it may seem simple and primitive, DOS is also fast, powerful, and flexible. However, it also has its drawbacks, such as its complexity and obsolescence. In this article, we will explore the fascinating world of DOS.
Continue reading
By
What is Github?

What is Github?

GitHub is a powerful and widely-used web-based platform designed for version control and collaboration , especially for developers. Built upon Git, it allows users to store, manage, and track their code projects efficiently. Beyond its repository-hosting capabilities, GitHub fosters teamwork by enabling developers to work together seamlessly, review changes, and contribute to open-source projects from anywhere in the world. Whether you're a seasoned programmer or a beginner, GitHub provides essential tools to streamline coding and project management in one centralized platform. But what exactly is it? In this article, we’ll break down everything you need to know about this essential tool for collaborative coding.
Continue reading
By
What is REST API?

What is REST API?

Have you ever wondered how you can order a pizza online, check the weather forecast, or stream your favorite show on Netflix? If so, you’ve probably used a REST API without even knowing it. REST stands for Representational State Transfer, and it’s a way of communicating between different systems on the web. In this article, we’ll explain what a REST API is, how it works, and why it’s so important in today’s world. By the end of this article, you’ll be able to impress your friends with your knowledge of REST APIs, and maybe even order a pizza faster.
Continue reading
By Fajar Vicky