Managing sudo Access
In this lab, we will look at how to manage access to
sudo. We will strengthen
sudo security by removing unnecessary default settings and configure
sudo to always require a password. Then, we'll permit specific user accounts to use
We've been asked to make some changes to the
sudoers file, as there have been some personnel changes in the IT department at our organization. The changes that need to be made are:
Disable the use of the
wheelgroup in the
sudoersfile using comments.
Enable full sudo access for the following users:
Ensure a password is required each time the
sudocommand is run.
Setting Up the Environment
Open your terminal application, and log in to the environment using the credentials provided on the lab instructions page. (Remember to replace
<PUBLIC_IP_ADDRESS>with the actual public IP address.)
yesat the prompt.
Enter your password at the prompt.
Disable the Use of the
wheel Group in the
Comment out the line in the
sudoers file that allows
wheel group access:
/ to search for a term, then type
wheel and press
Enter. This will take us where we need to go. Press
i to enter Insert mode, and comment out the line so it reads:
#%wheel ALL=(ALL) ALL
sudo Access to
Farther down the file, in the section for users, add the following lines:
cloud_user ALL=(ALL) ALL pbeesly ALL=(ALL) ALL jhalpert ALL=(ALL) ALL
sudo to Require a Password Each Time the
sudo Command Is Used
To require a password each time
sudo is used, add this line underneath the existing
We can find it the same way we found
wheel, by exiting insert mode (hitting
Esc), then typing
/ and searching for
Once we're done, hit
Esc again, then
:wq to save and exit the editor.
Congratulations, you've successfully completed this hands-on lab!