Practice Exercise: Understanding When root Privileges are Required
Objectives
- Learn when and why root privileges are required in Linux.
- Understand the concept of the root user and the superuser (sudo).
- Practice using sudo to perform tasks that require elevated privileges.
Scenario
In Linux, the root user, also known as the superuser, has the highest level of privileges and can perform any action on the system. However, it's essential to use root privileges judiciously, as improper use can lead to system instability or security vulnerabilities. In this exercise, you will explore situations where root privileges are required and practice using the sudo command to perform tasks as the superuser.
Tasks
Task 1: Using sudo Safely
- Demonstrate how to use the sudo command to execute a command with superuser privileges.
- Use sudo to edit a system configuration file (e.g., /etc/hostname) that is normally restricted to root.
- Explain the benefits of using sudo for temporary superuser access rather than logging in as the root user.
- Emphasize the importance of using sudo carefully to avoid mistakes or unintended changes.

    [intern@intern-a1t-inf-lnx1 ~]$ sudo ls /
    bin   dev  home  lost+found  mnt             opt   root  sbin  srv       sys  usr
    boot  etc  lib   media       myrootfile.txt  proc  run   snap  swap.img  tmp  var
Task 2: Securing sudo Configuration
- Explore the sudoers file located at /etc/sudoers.
- Discuss how the sudoers file defines who can use sudo and what commands they can run.
- Explain how to add a user to the sudo group to grant them sudo privileges.
- Highlight the need to secure the sudoers file to prevent unauthorized access.

    [intern@intern-a1t-inf-lnx1 ~]$ sudo cat /etc/sudoers
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults        env_reset
    Defaults        mail_badpass
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
    Defaults        use_pty

    # This preserves proxy settings from user environments of root
    # equivalent users (group sudo)
    #Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"

    # This allows running arbitrary commands, but so does ALL, and it means
    # different sudoers have their choice of editor respected.
    #Defaults:%sudo env_keep += "EDITOR"

    # Completely harmless preservation of a user preference.
    #Defaults:%sudo env_keep += "GREP_COLOR"

    # While you shouldn't normally run git as root, you need to with etckeeper
    #Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*"

    # Per-user preferences; root won't have sensible values for them.
    #Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME"

    # "sudo scp" or "sudo rsync" should be able to use your SSH agent.
    #Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK"

    # Ditto for GPG agent
    #Defaults:%sudo env_keep += "GPG_AGENT_INFO"

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # User privilege specification
    root    ALL=(ALL:ALL) ALL

    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL

    # See sudoers(5) for more information on "@include" directives:

    @includedir /etc/sudoers.d
    [intern@intern-a1t-inf-lnx1 ~]$ sudo visudo

- Note: always use sudo visudo when editing the sudoers file, to prevent you from making changes that will lock you out of the machine.
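An added example (not part of the original exercise) of reviewing what a sudoers file actually grants: the function below reads privilege rules and reports, for each user or group, whether the grant covers all commands and whether it skips the password prompt. The sample input is constructed, the users deploy and backup are hypothetical, and rules continued across lines with a backslash are assumed not to occur.

```shell
#!/usr/bin/env bash
# Added example: summarize the privilege rules in a sudoers-style file.
# Output, one line per rule: "<user or %group> <FULL|LIMITED> <PASSWD|NOPASSWD>"
# Assumption: each rule sits on a single line (no backslash continuations).

audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/                       { next }  # comments, #Defaults, blank lines
        /^[ \t]*@include/                    { next }  # include directives
        /^[ \t]*(Defaults|[A-Za-z_]+_Alias)/ { next }  # settings and alias definitions
        {
            who  = $1
            spec = $0
            sub(/^[^=]*=/, "", spec)        # drop the "who host =" prefix
            gsub(/\([^)]*\)/, "", spec)     # drop the run-as part, e.g. (ALL:ALL)
            nopass = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
            gsub(/[A-Z]+:/, "", spec)       # drop tags such as NOPASSWD:
            gsub(/[ \t]/, "", spec)
            n = split(spec, cmds, ",")
            scope = "LIMITED"
            for (i = 1; i <= n; i++) if (cmds[i] == "ALL") scope = "FULL"
            print who, scope, nopass
        }
    ' "$@"
}

# Constructed sample: the rules shown in the exercise plus two hypothetical users.
sample_sudoers() {
    cat <<'EOF'
Defaults        env_reset
#Defaults:%sudo env_keep += "EDITOR"
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
backup  ALL=(ALL) NOPASSWD: ALL
@includedir /etc/sudoers.d
EOF
}

sample_sudoers | audit_sudoers
```

Lines reported as FULL NOPASSWD are the ones to review first, since they give unrestricted root access with no password prompt. On a real host the same function can read `sudo cat /etc/sudoers` from standard input.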
Task 3: Examples of sudo Usage
- Provide real-world examples of using sudo for common administrative tasks:
  - Installing software packages.
  - Modifying system configuration files.
  - Creating or deleting system users.
- Explain the benefits of using sudo in each scenario and the potential risks of not doing so.

    [intern@intern-a1t-inf-lnx1 ~]$ sudo yum install auditd
    [intern@intern-a1t-inf-lnx1 ~]$ sudo vim /etc/hosts
    [intern@intern-a1t-inf-lnx1 ~]$ sudo userdel new_user
Conclusion
Understanding when and why root privileges are required in Linux is crucial for system administrators and users. In this exercise, you've explored the concept of root privileges, identified scenarios where they are necessary, and practiced using the sudo command to execute commands as the superuser. By using sudo judiciously, you can enhance the security and stability of your Linux system while minimizing the risks associated with superuser access.