Skip to main content

Privileges

Privileges

------------------------------------------------------------------------------------------------------------------------------------------------

For users to have escalated privilege on a server (root access), they need to be granted this permission.

====================================================================================

sudo

Users with sudo access have full administrator permissions, this means that they can essentially perform any task on the system.

There are 2 methods we can use to grant users sudo access:

------------------------------------------------------------------------------------------------------------------------------------------------

1. usermod
sudo usermod -aG sudo username

You can then validate that this has worked by checking the groups that the specified user is included in:

groups username

------------------------------------------------------------------------------------------------------------------------------------------------

2 Editing the sudoers file directly

Users with sudo access are defined within the /etc/sudoers file. This file should ONLY ever be edited using the visudo text editor - as this will check the syntax for any errors.

visudo

flags:

-c: check for errors

-s: strict mode

To add a new user to the sudoers group, we need to append a line to the /etc/sudoers file.

1. Edit the /etc/sudoers file using visudo:

visudo

2. Find the line that reads # User privilege specification and add the following line below it:

username ALL=(ALL:ALL) ALL


====================================================================================

Wheel

The alternative to adding users to the sudoers file, is to add users to the Wheel group. The Wheel group is essentially an exclusion that can be added for users to allow access to certain roles.

By default, any users in the wheel group have full privileges on the server.

An example of how this could be utilised, would be to add a rule into the /etc/wheel file that specifies a group that can be used to perform a specific task. Users that need this privilege could then be added to this file.

Back to top