Linux Exercise: Security Administration Tasks

su

While logged into your regular user account, perform an su to root. Check the environment. Also perform an su - to root. Again check the environment.
- $ su
  Type the root password.
- # set
- # exit
- $ su -
  Type the root password.
- # set
- # exit

sudo

In a different SSH/terminal window, login as root. Change the /etc/sudoers file (using visudo) so that your regular user account is able to restart the firewalld daemon.
- # visudo
  Add the following line:
```
username ALL=/usr/bin/systemctl restart firewalld
```
As a regular user, see if you can restart the firewalld using sudo. Also, see if you can stop and start the firewalld, and see if you can restart another daemon.
- # sudo systemctl restart firewalld
- # sudo systemctl stop firewalld
- # sudo systemctl start firewalld
- # sudo systemctl restart crond
  The first command asks for your own password to verify it's really you and not just someone who happens to walk past your workstation. It then executes the command. The last three commands should not work, as you are not authorized to perform them.
As root, change the /etc/sudoers file (using visudo) so that anybody who is a member of the wheel group, is allowed to run administrative commands. The sudo command should not ask for any passwords.
- # visudo
  Make sure the following line is in the file:
```
%wheel ALL=(ALL) NOPASSWD: ALL
```
  Note that a template line may already be present in the file, but may be commented out.
As root, make sure your own user account is member of the wheel group.
- # usermod -a -G wheel username
Logout and login again with your regular user account. Can you now perform sudo commands?
- # sudo systemctl restart firewalld
- # sudo systemctl stop firewalld
- # sudo systemctl start firewalld
- # sudo systemctl restart crond

End of exercise