Skip to main content

Linux User Management: Configuring Sudo

Hands-On Lab

 

Photo of Cara Nolte

Cara Nolte

Linux Training Architect II

Length

00:15:00

Difficulty

Intermediate

The sudo command, which stands for "super-user do" allows users to run commands with elevated access as the root user, or as another user. In this lab, students will learn to add a new user to the system, and configure sudo to allow the user to run commands as the super-user.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Linux User Management: Configuring Sudo

Introduction

The sudo command, which stands for "super-user do" allows users to run commands with elevated access as the root user, or as another user. In this lab, students will learn to add a new user to the system, and configure sudo to allow the user to run commands as the super-user.

Logging In

Use the credentials provided on the hands-on lab overview page, and log in as cloud_user. Since we'll want root privileges for the whole lab, let's run sudo -i as soon as we're logged in.

Create userA and userB with the wheel Group as Their Secondary Group

We'll use useradd to create these users, and the -G flag to specify a secondary group:

useradd -G wheel userA
useradd -G wheel userB

Add ec2-user to the wheel Group

To modify this user, we can use usermod, and add the account to the wheel group. But we have to use the -a flag (append), otherwise we'd replace any secondary groups that ec2-user is already a member of with wheel:

usermod -aG wheel ec2-user

Verify All Users Are Part of the wheel Group

There are two ways to do this. One is with the groups command:

groups userA userB ec2-user

The other is by reading the wheel group line in /etc/group:

grep wheel /etc/group

Configure the wheel Group in /etc/sudoers

Edit the sudoers file:

visudo

Search for whether or not the wheel group is already configured by typing /wheel and pressing Enter. We'll see a line that reads something like this:

%wheel    ALL=(ALL)   ALL

It's already configured so that anyone in the wheel group can run sudo commands.

Switch to Each User and Verify sudo Commands Are Executed by root

Before we can test whether or not these users can run sudo commands, we have to give them passwords. Run the passwd command for each one:

passwd userA
passwd userB
passwd ec2-user

Just enter and retype a password for each of the users at the prompts.

Testing User sudo Ability

We'll have to become each of these users, in order to see whether they've got the ability to run sudo commands. With each of these users, when we run the whoami command we should get root as output.

Testing userA:

su - userA
sudo whoami
exit

Testing userB:

su - userB
sudo whoami
exit

Testing ec2-user:

su - ec2-user
sudo whoami
exit

Conclusion

We've made sure that members of the wheel group can run sudo commands, and then we actually tested out whether or not the users in that group can do it. We're finished. Congratulations!