Which of the following is a special group that provides its members with the ability to run the su and sudo command?

About this Hands-on Lab

System Administrators rarely log into a system as `root`, due to a number of security risks. Some distributions even disable the `root` account to begin with. Restricting the ability to use `root` privileges to selected users is an important part of maintaining a secure system. In this activity, you will learn how to secure the `su` and `sudo` commands by restricting their use to members of the `wheel` group.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Confirm Your User Is in the wheel Group and Set the /usr/bin/sudo and /usr/bin/su Files so They Can Be Executed by the root User and wheel Group

Use the id and groups commands to confirm your wheel group membership:

id
groups

Use sudo to become the root user:

sudo -i

Run chgrp to set the wheel group as the owner of /usr/bin/sudo and /usr/bin/su:

chgrp wheel /usr/bin/sudo /usr/bin/su

Use chmod to set the most secure permissions, and allow the root user and wheel group to execute sudo and su:

chmod 4110 /usr/bin/sudo /usr/bin/su

Run ls -l on either of those to confirm.

Use visudo to Confirm, Create, or Uncomment Entry Allowing wheel Group to Use sudo

To modify or verify /etc/sudoers allows the wheel group to use sudo, use the visudo command:

visudo

We need a line that looks like this:

%wheel  ALL=(ALL)       ALL

It may already be there, or it may be there and commented out. It’s usually down in the vicinity of the root line. Save changes to the file and exit. Use grep to verify the line is there.

grep wheel /etc/sudoers

Uncomment or Create a Line in /etc/pam.d/su to Require wheel Group Membership for Using the su Command

Using the editor of your choice, uncomment or create an additional "auth" test below the line ending with pam_rootok.so. The line should look like this:

auth            required        pam_wheel.so use_uid

Create a sysadmin User, Make Them a Member of the wheel Group, Set Their Password, and Verify sysadmin Is Able to Use sudo and su

Create the sysadmin user and make them a member of the wheel group:

useradd -G wheel sysadmin

Running it this way would work too:

useradd sysadmin
usermod -aG wheel sysadmin

Now we can set the sysadmin user password:

passwd sysadmin

Verify sysadmin can execute su and sudo:

su - sysadmin
sudo tail -n1 /etc/shadow
su -l cloud_user
exit
exit

Create a User, sysuser, Who Is Not a Member of the wheel Group, Set Their Password, and Verify That They Are Not Able to Use sudo and su

Create the sysuser user and do not make them a member of the wheel group:

useradd sysuser

Set the sysuser user password.

passwd sysuser

Verify sysuser cannot execute su and sudo:

su --login sysuser
sudo tail -n1 /etc/shadow
su -l cloud_user
exit
exit

The sudo and following su commands should have both failed.
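
The checks from the steps above, collected into a read-only audit script (an added example, not part of the original lab; the function names are hypothetical). It matches only uncommented lines, so a commented-out %wheel or pam_wheel.so entry is reported as a failure.

```shell
#!/bin/sh
# Added example: read-only audit of the wheel restrictions from this lab.
# Function names are hypothetical; paths are arguments so copies can be checked.

# Active (uncommented) "%wheel ALL=(ALL) ALL" rule present in sudoers file $1?
# Unlike "grep wheel", this does not match a commented-out line.
sudoers_allows_wheel() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# Active "auth required pam_wheel.so use_uid" line present in PAM file $1?
pam_su_requires_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+use_uid([[:space:]]|$)' "$1"
}

# Is $1 mode 4110 (ls shows ---s--x---) with group $2 (default: wheel)?
binary_is_restricted() {
    want_group=${2:-wheel}
    line=$(ls -ld "$1" 2>/dev/null) || return 1
    set -- $line                       # fields: mode links owner group ...
    case "$1" in
        ---s--x---*) ;;                # a trailing . or + (SELinux/ACL) is fine
        *) return 1 ;;
    esac
    [ "$4" = "$want_group" ]
}

# Run every check; args: sudoers-file pam-su-file su-binary sudo-binary [group]
audit_wheel() {
    rc=0
    sudoers_allows_wheel "$1"  || { echo "FAIL: no active %wheel rule in $1"; rc=1; }
    pam_su_requires_wheel "$2" || { echo "FAIL: pam_wheel.so not enforced in $2"; rc=1; }
    for bin in "$3" "$4"; do
        binary_is_restricted "$bin" "${5:-wheel}" ||
            { echo "FAIL: $bin is not mode 4110 group ${5:-wheel}"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "PASS: su and sudo are restricted to ${5:-wheel}"
    return "$rc"
}

# On the lab host, as root:
#   audit_wheel /etc/sudoers /etc/pam.d/su /usr/bin/su /usr/bin/sudo
```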

Additional Resources

In order to make a system more secure, we have been asked to restrict access to the su and sudo commands. Only members of the wheel group should be allowed to run those commands.

We'll need to create /etc/sudoers.d/wheel.grp, which will allow wheel group members to use the sudo command.

In addition, only members of the wheel group should be allowed to use the su (switch user) command. Fixing this is a two-step process.

First, we'll need to set the permissions on /usr/bin/su so that only members of the wheel group can execute it.

Next, we have to modify /etc/pam.d/su (the Pluggable Authentication Module file) and require the user to be a member of the wheel group there as well.


Which of the following will show account aging information for a user such as the date of the last password change when the password expires and the?

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change.

Which of the following commands can be used to remove a group from a Linux system?

To delete a group from a Linux system, use the groupdel command. There is no option. If the group to be deleted is the initial group of one of the users, you cannot delete the group. The groupdel command changes two files: /etc/group and /etc/gshadow.

What command can you use to view Journald log entries on a system that uses systemd?

To see the logs that the journald daemon has collected, use the journalctl command. When used alone, every journal entry that is in the system will be displayed within a pager (usually less) for you to browse. The oldest entries will be at the top:

journalctl

Which of the following file extensions are used by the Debian package manager?

deb is the format, as well as the file extension, of software packages for the Debian Linux distribution and its derivatives.