DEV Community

Cover image for 11.Linux Configure sudo
Thu Kha Kyawe
Thu Kha Kyawe

Posted on

11.Linux Configure sudo

#aws #linuxlevel2

Lab Information

We have some users on all app servers in Stratos Datacenter. Some of them have been assigned some new roles and responsibilities, therefore their users need to be upgraded with sudo access so that they can perform admin level tasks.

a. Provide sudo access to user ammar on all app servers.

b. Make sure you have set up password-less sudo for the user.

Lab Solutions

🧭 Part 1: Lab Step-by-Step Guidelines

Objective

On all Nautilus App Servers, grant password-less sudo access to the user:

ammar

Target servers:

Server User
stapp01 tony
stapp02 steve
stapp03 banner

1️⃣ Login to Jump Host

ssh thor@jump_host.stratos.xfusioncorp.com
Enter fullscreen mode Exit fullscreen mode

Password

mjolnir123

2️⃣ Configure App Server 1

SSH to server:

ssh tony@stapp01
Enter fullscreen mode Exit fullscreen mode

Password

Ir0nM@n

Switch to root:

sudo -i
Enter fullscreen mode Exit fullscreen mode

Add sudo rule:

echo "ammar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Enter fullscreen mode Exit fullscreen mode

Exit twice.

3️⃣ Configure App Server 2

SSH:

ssh steve@stapp02
Enter fullscreen mode Exit fullscreen mode

Password

Am3ric@

Run:

sudo -i
echo "ammar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Enter fullscreen mode Exit fullscreen mode

Exit twice.

4️⃣ Configure App Server 3

SSH:

ssh banner@stapp03
Enter fullscreen mode Exit fullscreen mode

Password

BigGr33n

Run:

sudo -i
echo "ammar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
Enter fullscreen mode Exit fullscreen mode

🧠 Part 2: Simple Explanation (Beginner Friendly)

What this lab tests

This lab checks your knowledge of Linux privilege escalation using sudo.

What is sudo?

sudo allows normal users to run administrator commands.

Example:

sudo systemctl restart httpd

Without sudo, normal users cannot perform system-level operations.

What does this rule mean?

ammar ALL=(ALL) NOPASSWD: ALL

Breakdown:

Section Meaning
ammar username
ALL any host
(ALL) run commands as any user
NOPASSWD no password required
ALL any command allowed

So the user can run:

sudo command

without entering a password.

Why we modify /etc/sudoers

File:

/etc/sudoers

controls who can use sudo and how.

Example entry:

user host=(runas) options commands

⚠️ Real-World Best Practice (Important)

In production systems, we should not edit /etc/sudoers directly.

Instead we create files in:

/etc/sudoers.d/

Example:

echo "ammar ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ammar

But for KodeKloud labs, editing /etc/sudoers is acceptable.

Resources & Next Steps
📦 Full Code Repository: KodeKloud Learning Labs
📖 More Deep Dives: Whispering Cloud Insights - Read other technical articles
💬 Join Discussion: DEV Community - Share your thoughts and questions
💼 Let's Connect: LinkedIn - I'd love to connect with you
Credits
• All labs are from: KodeKloud
• I sincerely appreciate your provision of these valuable resources.

Top comments (0)