How to Enable Sudo Access
- Enterprise IT
What is Sudo?
Sudo (superuser do) is a utility for UNIX- and Linux-based systems that provides an efficient way to give specific users permission to use specific system commands at the root level of the system. In Ubuntu Linux, the root account is not configured by default. If users want a root account password, they must set it up manually to use “sudo.” Using sudo is a good way to protect the user’s computer from being used as a tool for exploitation. Whenever users try to install, remove, or change any piece of software, they must have the root privileges to perform such tasks. The sudo command is used to give such permissions to any command that a user wants to execute once the user enters a user password to give system-based permissions. Sudo also logs all commands and arguments that are executed.
Using sudo, a system administrator can:
- Give some users (or groups of users) the ability to run some (or all) commands at the root level of system operation.
- Control which commands a user can use on each host.
- Enables clarity of commands executed by user(s).
- Using timestamp files, control the amount of time a user must enter commands after they have entered their password and are granted appropriate privileges.
How to enable sudo access (Agentless Linux Discovery)
Note: Below steps must be performed by Linux Administrators only and should be granted with caution. Any incorrect changes may lead to issues with the server or cause the system to crash.
Symptoms
If the user(s) needs to remove or change any piece of software, they must have root privileges to perform such tasks.
Hardware details will not be discovered when Sudo account is used for Linux server discovery
When certain SSH commands are run, output will not be returned if user does not have root access/privileges. These commands required root privileges to fetch the data.
Resolution
- Sudo access to be provided by Linux admin.
- All commands that are used for Discovery that don’t have root access need to be added to the sudoer file.
To add commands to sudoer file, perform the following steps.
- Connect to server console using Putty
- Type visudo or sudo visudo based on the user access.
Figure: Sudo Login - Once you type visudo or sudo visudo, press enter. The sudoer file loads and you may enter your sudo commands. Highlighted below is an example.
Figure: Sudo Access Search for “## Allow root to run any commands anywhere” and add below commands. User is the sudo account and hostname is the host of the machine.
user hostname= (root) NOPASSWD: /usr/sbin/dmidecode
user hostname= (root) NOPASSWD: /sbin/fdiskuser ALL = (ALL) NOPASSWD: ALL Highlighted in the above example image:
Summon sumfedora23dev01= (root) NOPASSWD: /usr/sbin/dmidecode
Summon sumfedora23dev01= (root) NOPASSWD: /sbin/fdisk
To add any other commands, the user must follow the same syntax:
User hostname= (root) NOPASSWD: Linux command
Where:
User: Linux account name
Hostname: hostname of the machine or Linux server name
(root) NOPASSWD: If you do not want to be prompted for any password while running sudo then we can use the NOPASSWD parameter on a particular entry
- Save the sudoer file after adding the desired information.
- Test the output by running commands sudo dmidecode and sudo fdisk –l from Putty console
Confluence Cloud Migration Alert: Please refer to known issues you may encounter in Confluence Cloud: https://eitdocs.atlassian.net/wiki/x/wDGwAQ