diff --git a/Content/Linux/README.md b/Content/Linux/README.md index 7c71bb5..45c20c9 100644 --- a/Content/Linux/README.md +++ b/Content/Linux/README.md @@ -77,6 +77,21 @@ Topics covered: - Managing processes (`kill`, `nice`, `renice`) - Background and foreground processes +--- + +## Linux System Administration + +Learn how to manage administrative tasks on Linux systems. Check out the [Linux System Administration Guide](linux_system_administration.md). + +Topics covered: + +- Managing users and groups** – Learn how to create, modify, and delete users and groups, and how to manage their permissions on the system. +- Configuring sudo for safe administrative access** – Configure `sudo` to grant elevated privileges without exposing the root account. Learn how to safely edit the `/etc/sudoers` file and set up specific permissions. +- Setting up automation with sudoers** – Automate tasks like Ansible playbooks by editing the `sudoers` file to grant required permissions without needing a password. +- System security practices** – Understand best practices for securing your system, such as configuring firewalls, applying patches, and minimizing root access. +- Basic troubleshooting techniques** – Common tools and methods for diagnosing and fixing issues on Linux systems. + + --- ## Getting Started diff --git a/Content/Linux/linux_file_management.md b/Content/Linux/linux_file_management.md index e69fb65..86140df 100644 --- a/Content/Linux/linux_file_management.md +++ b/Content/Linux/linux_file_management.md 
@@ -138,7 +138,9 @@ Now convert this number to 10-bases number: Now simply add up the values for each permission that is granted, and use that as the digit in the corresponding position. For example: -`rwxrw-rw-` would be represented as 766 in octal notation. 7 for `rwx` of the user, 6 for `rw-` of the group, 6 again of `rw-` for others. +`rwxrw-rw-` would be represented as 766 in octal notation. 7 for `rwx` of the user, 6 for `rw-` of the group, 6 again of `rw-` for others. + +For your convince, you can also use this website: https://chmod-calculator.com/ #### Default permissions diff --git a/Content/Linux/linux_system_administration.md b/Content/Linux/linux_system_administration.md new file mode 100644 index 0000000..996e436 --- /dev/null +++ b/Content/Linux/linux_system_administration.md 
@@ -0,0 +1,76 @@ +# Linux System Administration + +This guide explains how to grant `sudo` privileges for automated tasks in Linux-based systems. + +## The Root User + +The **root user** is the administrative user in Linux-based operating systems, including Ubuntu. The root user has unrestricted access to all system files, processes, and settings, allowing it to perform any operation, including modifying crucial system files. + +## Granting Full-Time Sudo Access for Automation + +To allow automated tasks to run with elevated privileges, you can modify the `/etc/sudoers` file. Always use the `visudo` command to edit this file to avoid syntax errors. + +### Editing the Sudoers File + +1. Open the sudoers file using `visudo`: + + ```console + sudo visudo + ``` + +2. Add the necessary permissions for your automation tasks. For example, to grant Ansible playbooks permission to execute certain commands without needing a password, add the following line to the sudoers file: + + ```console + ansible ALL=(ALL) NOPASSWD: /bin/sh -c echo BECOME-SUCCESS-*, \ + /usr/bin/python /tmp/ansible/ansible-tmp-* + ``` + + This configuration allows the Ansible user to run specific commands without needing to enter a password each time. + +### Verifying the sudoers File + +After editing the sudoers file, always verify that the syntax is correct before saving the file. This can be done using the `visudo -c` command. + +```console +sudo visudo -c +```` + +The output should be: + +```console +/etc/sudoers: parsed OK +/etc/sudoers.d/README: parsed OK +``` + +If you see any errors, the `visudo` tool will indicate them, preventing misconfiguration. 
+ +### Example of a Correct sudoers File + +Here’s an example of how your `sudoers` file might look after adding the necessary automation permissions: + +```console +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Members of the admin group may gain root privileges +%admin ALL=(ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# Grant Ansible full-time sudo access to specific tasks +ansible ALL=(ALL) NOPASSWD: /bin/sh -c echo BECOME-SUCCESS-*, \ + /usr/bin/python /tmp/ansible/ansible-tmp-* + +# Include additional sudoers configuration from files in the /etc/sudoers.d directory +@includedir /etc/sudoers.d +``` + +### Best Practices and Security Considerations + +* **Limit Access**: Only grant the minimal set of privileges needed for automation tasks. Avoid providing unnecessary access. +* **Avoid Full Root Access**: Instead of granting full root access to automation users, restrict them to specific commands that are necessary for the task. +* **Always Validate the sudoers File**: After making changes to the sudoers file, always run `visudo -c` to ensure there are no syntax errors. Misconfigurations could lock you out of critical tasks. +* **Use `sudo` for Automation**: Avoid using the root account directly for automation. Instead, configure `sudo` to a uniqe application user and grant only the necessary privileges. + +By following these guidelines and using the `visudo -c` command to validate your sudoers file, you ensure that your automation tasks can run smoothly and securely. \ No newline at end of file
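Review bot: in the Content/Linux/README.md hunk, each of the five bullets under "Topics covered:" ends its title with `**` but never opens it (for example `- Managing users and groups** – ...`), so the asterisks will render literally. Add the opening `**` after the dash, or drop the markers to match the plain bullets of the preceding section. The list also promises users and groups, firewalls and patching, and troubleshooting, while the linux_system_administration.md added in this same patch only covers sudoers. Trim the list to what the guide contains, or mark the remaining topics as planned. The hunk also leaves two blank lines before the closing `---` where the rest of the file uses one.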
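Review bot: in the Content/Linux/linux_file_management.md hunk, "For your convince" in the added sentence should read "For your convenience". The `rwxrw-rw-` line is removed and re-added with the same visible text, which suggests a whitespace-only change; drop it from the patch if it was not intended. The bare URL would also read better as a Markdown link, matching the `[Linux System Administration Guide](linux_system_administration.md)` style used in the README.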
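Review bot: in the new Content/Linux/linux_system_administration.md, the rule `ansible ALL=(ALL) NOPASSWD: /bin/sh -c echo BECOME-SUCCESS-*, /usr/bin/python /tmp/ansible/ansible-tmp-*` is described as allowing "specific commands", but it does not restrict anything in practice. A sudoers wildcard in the argument position matches any trailing text, and the second entry runs whatever Python file the `ansible` account itself places under `/tmp/ansible/`, so the account effectively has passwordless root. That contradicts the "Limit Access" and "Avoid Full Root Access" bullets further down. Either state plainly that this rule is equivalent to full root for that account, or replace it with fixed command paths without wildcards, ideally in a drop-in under `/etc/sudoers.d` edited with `visudo -f`. Smaller points in the same file: "Verifying the sudoers File" says to run `visudo -c` "before saving", but it checks the file already on disk, so it should say "after saving". The `sudo visudo -c` block is closed with four backticks instead of three. The sudoers excerpts are fenced as `console` although they are file content, not a terminal session. "uniqe" should be "unique". The file has no trailing newline.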