![]() ![]() Sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' & \ Useradd -U foo -m -s /bin/bash -p foo -G sudo & passwd -d foo & passwd -d root & \ This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline with the base image of ubuntu:18.04: RUN \ It looks like this: #includedir /etc/sudoers.d This is a sneaky little directive, as it appears to be a commented line upon first glance. Note: As mentioned, you may need to use adm as your admin group name, depending on which version of Ubuntu is being used.Īs I was researching this, I realized that there's a line in the /etc/sudoers file that is not a comment, but a directive that makes any file or folder under the directory /etc/sudoers/* override the contents of /etc/sudoers. You can also add the default AWS ubuntu user to the admin group via this command: sudo usermod ubuntu -g admin (on older versions of ubuntu, you may need to): sudo service sudo restartĮdit: You may have to add the admin group as I don't think it exists by default. Then for every user that needs sudo access WITH a password: sudo adduser sudoĪnd for every user that needs sudo access WITH NO password: sudo adduser admin # See sudoers(5) for more information on "#include" directives: # Members of the admin group may gain root privileges # Allow members of group sudo to execute any command # See the man page for details on how to write a sudoers file.ĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Please consider adding local content in /etc/sudoers.d/ instead of You should now have this: # This file MUST be edited with the 'visudo' command as root. To this line: # Members of the admin group may gain root privilegesĪnd move it under this line: # Allow members of group sudo to execute any command I found that the most straight forward thing to do, in order to easily replicate this behavior across multiple servers, was the following: sudo visudoĬhange this line: # Members of the admin group may gain root privileges ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |