Sign in Subscribe
Linux

Linux Up Skill - Day 3

David Buhlman

2 min read
Linux Up Skill - Day 3
Photo by Gabriel Heinzer / Unsplash

Moving on to day 3 of the Linux Up Skill Challenge. They have titled day three as “Power trip!” The lesson starts by talking about root and the best practice of not directly logging in with root, but instead using the sudo command. The tasks for today are:

  • Use the links provided to understand how sudo works.
  • Use ls -l to check permissions of /etc/shadow. Can you use cat, less or nano to view it?
  • Now try with sudo.
  • Test running the reboot command, and then again via sudo.
  • Use the uptime command to confirm that your server did actually fully restart.
  • Test the command sudo -i to become root.
  • Type exit to return to your normal login.
  • Use less to view the file /var/log/auth.log, where any use of sudo is logged.
  • You can also try filtering this by typing grep "sudo" /var/log/auth.log
  • Rename your server
  • Change server’s timezone.

Well let’s go through the exercise. I connect to my server and run the ls -l /etc/shadow command. It returns -rw-r----- 1 root shadow 1056 May 28 11:10 /etc/shadow which looks good. Next if I try nano /etc/shadow nano returns the error: [ Error reading /etc/shadow: Permission denied ]. So then we try again with sudo nano /etc/shadow and this time nano opens the file for me to read. Makes sense so far.

Next we try rebooting the server. Running the command reboot produces the error:

Failed to set wall message, ignoring: Interactive authentication required. Failed to reboot system via logind: Interactive authentication required. Failed to open initctl fifo: Permission denied. Failed to talk to init daemon.

I then run the command sudo reboot and the server immediately reboots. After the reboot I log back in and check uptime which gives a result of 14:17:47 up 6 min, 1 user, load average: 0.01, 0.02, 0.00 so we did reboot. Next we try the sudo -i command. This changes the prompt to u@linux-up-skill w> confirming root access. Running exit takes me back to my own prompt. I’ve always used sudo -s in the past. It is interesting to note that sudo -s grants root privileges and sudo -i grants root privileges as well as the root environment. Interesting to learn about.

Next I can less /var/log/auth.log to check the login records. grep "sudo" /var/log/auth.log shows me just the entries with sudo. Very cool. I’ve already set my hostname to what I want so I will skip the sudo hostnamectl set-hostname command. I will do the same with sudo timedatectl set-timezone.

The lesson ends by linking an excellent article on hardening SSH.