Linux Privilege Granting


Introduction

In the grandiose halls of the Ming dynasty's palace, a scene of intense activity unfolds as the emperor's advisors hustle through the endless corridors, secretly vying for power and influence. You are the imperial court physician, hailing from a lineage of healers that dates back generations. However, your role extends beyond mere medicine; you have been bestowed with the vital task of safeguarding the empire's medicinal recipes and royal decrees, which are preserved in scrolls of unfathomable importance.

The emperor, known for his wisdom and foresight, has deemed it necessary for these scrolls to be accessible only to those he trusts implicitly. As such, you have been granted the authority to control access to these scrolls, symbolizing the digital files within the Linux environment. Your ultimate goal in this lab is to ensure that only specific members of the imperial court possess the ability to read and modify these crucial documents. This endeavor requires mastering the art of sudo, a command that carries the weight of the emperor's trust.



Configuring Sudo Permissions

In this step, you will learn how to grant specific users on the Linux system the ability to perform actions with elevated privileges using the 'sudo' command. A new user, representative of a trusted court member, needs to be created and given the appropriate permissions.

First, create a new user, symbolizing a trusted court member:

sudo adduser trusted_advisor

Next, grant this user sudo access by adding them to the sudo group:

sudo usermod -aG sudo trusted_advisor

To verify that the new user has sudo access, switch to that user account and attempt to list the contents of the /root directory:

su - trusted_advisor
sudo ls /root

If the user has been granted sudo privileges correctly, this command succeeds without any permission denied errors.

Limiting Sudo Access

In this step, you will restrict the newly created user's privileges, ensuring they can only execute specific commands as a superuser. This mirrors the precision required when dealing with delicate courtly matters where not all powers should be freely available to all members.

Edit the sudoers file with the visudo command, which locks the file and checks its syntax before saving:

sudo visudo

Then add the following line to grant trusted_advisor permissions to run cp and mv commands only:

trusted_advisor ALL=(ALL) NOPASSWD: /bin/cp, /bin/mv

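Save and exit the editor. Now trusted_advisor can use sudo to copy and move files without being asked for a password.

Two caveats apply. First, the account is still in the sudo group from the previous step, and sudo applies the last matching rule: with the new line placed after the group rule, cp and mv match the new line, while every other command still matches the group rule and is allowed with a password. The restriction only takes effect once the account is removed from the sudo group. Second, cp and mv running as root can replace any file on the system, so this rule is close to full root access rather than a narrow grant.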

First, create the file important_scroll.txt. The output redirection is performed by your own shell, not by sudo, so sudo is not needed here:

echo "test" > important_scroll.txt

Then, you can test this by trying to copy a file to a protected directory:

sudo cp important_scroll.txt /root/

This command should succeed without a password prompt.
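
The check below is an added example, not part of the original lab: a shell function (the name audit_sudo is made up here) that reads sudoers-style rules and lists the ones that apply to a user, given the groups that user belongs to. The sample policy is constructed to match this lab, and the function assumes plain user and %group rules without aliases, negation or included files.

```shell
#!/bin/sh
# Constructed sample policy mirroring this lab (not read from a real system).
SAMPLE_SUDOERS='root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
trusted_advisor ALL=(ALL) NOPASSWD: /bin/cp, /bin/mv'

# audit_sudo USER "GROUP1 GROUP2 ..." "SUDOERS TEXT"
# Prints one finding per line, tagged FULL, LIMITED or WARN.
audit_sudo() {
    printf '%s\n' "$3" | awk -v user="$1" -v groups="$2" '
    BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) ingroup["%" g[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    $1 == user || ($1 in ingroup) {
        who = $1
        spec = $0
        sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)   # drop "who host=(runas)"
        nopass = sub(/^NOPASSWD:[ \t]*/, "", spec) ? " NOPASSWD" : ""
        m = split(spec, cmds, /[ \t]*,[ \t]*/)
        for (j = 1; j <= m; j++) {
            c = cmds[j]
            if (c == "ALL") { print "FULL via " who; continue }
            print "LIMITED" nopass " " c " via " who
            # cp and mv run as root can overwrite any file on the system
            if (c ~ /\/(cp|mv)$/) print "WARN root file write: " c
        }
    }'
}

# The lab state: trusted_advisor is still a member of the sudo group.
audit_sudo trusted_advisor "trusted_advisor sudo" "$SAMPLE_SUDOERS"
```

On a live system, sudo -l -U trusted_advisor (run as root) reports the rules sudo itself will apply.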

Summary

In this lab, we transported ourselves to the historical context of the Ming dynasty, drawing parallels between the control of information in a royal court and the management of privileges in a Linux environment. Through hands-on experience, you learned to wield the power of sudo, the key tool for privilege granting in Linux. The lab's step-by-step design covers understanding and implementing user permissions, giving the learner practical knowledge applicable to modern-day system administration. Echoing the responsibilities of an imperial court physician, your newfound skills ensure you can securely guard digital treasuries, granting access only to those as trusted as the advisors of yesteryear.
