NICE: Linux Administration 101: Users, Access & Updates

Create User Accounts

The useradd command is used to create new users in Linux systems.

• sudo useradd gthatcher
• sudo useradd rob

Assign SUDO privileges to Gary Thatcher’s account

To provision the proper sudo requirements for Gary Thatcher’s user, use the command visudo to edit the /etc/sudoers file.

• sudo visudo Sudo permissions can be assigned at the bottom of file, to allow Gary Thatcher’s profile to use sudo with all commands, the following line is appended to the sudoers file.

• gthatcher ALL=(ALL) ALL

Assign SUDO privileges to Rob’s account

To allow Rob to run sudo without a password, an entry is created in the sudoers file and the NOPASSWD field is added at the end.

• rob ALL=(ALL) NOPASSWD To restrict the commands that Rob is authorized to use with sudo, the authorized commands are appended to the entry.

In this case, Rob is authorized to use sudoedit on all files within /var/www/html/, and is authorized to use systemctl to manage the httpd service.

To accomplish this, the authorized commands added to rob’s entry in the sudoers file. The final entry appears as follows:

• rob ALL=(ALL) NOPASSWD: /bin/sudoedit /var/www/html/*, /bin/systemctl * httpd Wildcards are used to allow for any files within /var/www/html/ and for any methods of the systemctl command such as restart and disable.

Updating Apache

The Prod-Web host’s Linux distribution is CentOS which uses the Yum package manager. The following command is used to update packages in yum:

• yum update However, when attempting to update Apache, yum returned an error regarding its repository files. After analyzing the files, it was apparent that the files had been corrupted and were no longer readable.

New copies of the repository files were required to allow yum to download updates.

First, a copy of the existing repository directory was created with the following command:

• sudo cp yum.repos.d yum.repos.d.BAK After which, a new yum.repos.d directory was created.

• sudo mkdir yum.repos.d Within this folder, valid repo files were downloaded from https://raw.githubusercontent.com/cloudrouter/centos-repo/master/CentOS-Base.repo

• sudo curl https://raw.githubusercontent.com/cloudrouter/centos-repo/master/CentOS-Base.repo-o ./CentOS-Base.repo This was done for each of the .repo files in the github repository.

After downloading the files, yum can be run successfully to update the Apache service.

• yum update httpd

Generating SSH Keys

To generate SSH keys, Linux’s ssh-keygen utility is used.

• sudo ssh-keygen As requested, no passphrase is applied to the keys.

After the utility completes, the public key must be copied to the Dev-Web server. To accomplish this, the Linux utility ssh-copy-id is used.

The Dev-Web server’s IP address can be located in the network map.

• ssh-copy-id -i ~/.ssh/id_rsa.pub playerone@172.16.20.11