You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/03.md
+7-5
Original file line number
Diff line number
Diff line change
@@ -42,7 +42,7 @@ However, if you really, *really* want to use `root`, there are ways to do it in
42
42
43
43
However, if you created a VM [locally](https://linuxupskillchallenge.org/00-Local-Server/) or with [other VPS providers](https://linuxupskillchallenge.org/00-VPS-small/), it is very likely that you have your `root` user readily available.
44
44
45
-
Stop using root. If you followed the guides, you should have created a regular user and adding it to a sudoers group, like this:
45
+
Stop using root. If you followed the guides, you should have created a regular user and added it to a sudoers group, like this:
46
46
47
47
`adduser snori74`
48
48
@@ -63,7 +63,7 @@ Your server is protected by the fact that its security updates are up to date, a
63
63
## THE POWER OF SUDO
64
64
65
65
* Use the links in the "Resources" section below to understand how `sudo` works
66
-
* Use `ls -l` to check the permissions of `/etc/shadow` - notice that only `root` has any access. Can you use `cat`, `less` or `nano` to view it?
66
+
* Use `ls -l` to check the permissions of `/etc/shadow` - notice that only `root` has any access. Try `cat /etc/shadow`, can you view the contents of the file?
67
67
* This file is where the hashed passwords are kept. It is a prime target for intruders - who aim to grab it and use offline password crackers to discover the passwords.
68
68
* Now try with `sudo`, e.g. `sudo cat /etc/shadow`
69
69
* Test running the `reboot` command, and then via `sudo` (i.e. `sudo reboot`)
@@ -73,7 +73,7 @@ Once you've reconnected back:
73
73
* Use the `uptime` command to confirm that your server did actually fully restart
74
74
* Test fully “becoming root” by the command `sudo -i`. This can be handy if you have a series of commands to do "as root". Note the change to your prompt.
75
75
* Type `exit` or `logout` to get back to your own normal “support” login.
76
-
* Use `less` to view the file `/var/log/auth.log`, where any use of `sudo`is logged
76
+
* Use `cat /var/log/auth.log`, to see the last few times `sudo`was logged
77
77
* You could "filter" this by typing: `grep "sudo" /var/log/auth.log`
78
78
79
79
*Normally invoking the `sudo` command will ask you to re-confirm your identity with your password. However, this can be changed in the sudoers configuration file so it does NOT prompt for a password.*
@@ -82,7 +82,7 @@ Once you've reconnected back:
82
82
83
83
We will go into detail of the many things you can do to your server, but here are some examples of simple administrative tasks that require `sudo`.
84
84
85
-
If you wish to, you can now rename your server. Traditionally you would do this by editing two files, `/etc/hostname` and `/etc/hosts` and then rebooting - but the more modern, and recommended, way is to use the `hostnamectl` command; like this:
85
+
If you wish to, you can now rename your server. Traditionally you would do this by editing two files, `/etc/hostname` and `/etc/hosts` and then rebooting - but the more modern, and recommended, way is to use the `hostnamectl` command, like this:
86
86
87
87
`sudo hostnamectl set-hostname mylittlecloudbox`
88
88
@@ -112,12 +112,14 @@ Confirm:
112
112
113
113
The major practical effects of this are (1) the timing of scheduled tasks, and (2) the timestamping of the logs files kept under `/var/log`. If you make a change, there will naturally be a "jump" in the dates and time recorded.
114
114
115
-
## WRAP
115
+
## WITH GREAT POWERS COMES GREAT RESPONSIBILITY
116
116
117
117
As a Linux sysadmin you may be working on client or custom systems where you have little control, and many of these will default to doing everything as `root`. You need to be able to safely work on such systems - where your only protection is to double check before pressing `Enter`.
118
118
119
119
On the other hand, for any systems where you have full control, setting up a "normal" account for yourself (and any co-admins) with permission to run `sudo` is recommended. While this is standard with Ubuntu, it's also easy to configure with other popular server distros such as Debian, CentOS and RHEL.
120
120
121
+
Even with that, it's important to take the necessary precautions before making global changes, to prevent accidentally locking yourself out or other issues. Practices like using a test environment, checking for syntax errors and typos, and keeping an eye on the log files, will eventually become second nature.
122
+
121
123
## EXTENSION
122
124
123
125
*[How To Edit the Sudoers File](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file)
0 commit comments