Lesson 14 of the Linux Up Skill Challenge is called “Users and groups.” Looks like we’ll be expanding directly upon permissions from lesson 13. We’re setting up another user to fill a help-desk style role that can check disk space and reboot the server.
So we start with making a new user. sudo adduser helen. Then we set a password with sudo passwd helen. Now we look at the passwd file with less /etc/passwd which shows yesterday’s user of fred and today’s of helen. Next I am to log into the server as helen so I open a new PUTTY instance. Now I am suppose to try and reboot the server.
helen@linux-up-skill:~$ reboot
Failed to set wall message, ignoring: Interactive authentication required.
Failed to reboot system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.
helen@linux-up-skill:~$ sudo reboot
[sudo] password for helen:
helen is not in the sudoers file. This incident will be reported.It isn’t surprising that this fails since we’ve not given helen any permissions yet. So I switch back over to my account and run ls -l /etc/sudoers which gives a result of -r--r----- 1 root root 755 Feb 3 2020 /etc/sudoers. The lesson covers that you must be root to edit /etc/sudoers via the visudo command. So I run sudo -i and then I can run visudo. From here I can edit the /etc/sudoers file and add the following from the lesson to the bottom of the file:
# Allow user "helen" to run "sudo reboot"
# ...and don't prompt for a password
#
helen ALL = NOPASSWD:/sbin/rebootI then switch to helen with sudo su helen and then try to reboot, sudo reboot. Poof, my session fails. After the reboot I log back in and run uptime to see 0 min so we are good to go. That concludes the lesson but it does some have some additional resources to look over. One is on restricting shell access which is fantastic and a topic I’ve not had to deal much with in regards to servers in my personal home lab.
