Show pagesourceOld revisionsBacklinksBack to top × Table of Contents Elevating privileges with sudo Introduction Goals Command-line instructions Testing Troubleshooting Extras References Manual setup Removing user and group Elevating privileges with sudo This article relies on the following: Accessing web interface / command-line interface Managing configs / packages / services / logs Introduction This how-to helps improve security with sudo when using command-line interface. Log in as an unprivileged user and use sudo to run commands with elevated privileges. Goals Drop user privileges by default. Elevate user privileges on demand. Command-line instructions Install the required packages. # Install packages opkg update opkg install shadow-useradd shadow-usermod shadow-groupadd sudo Create an unprivileged test user and set him a password. # Create a user useradd -m -s /bin/ash test # Set user password passwd test Create a privileged group and make the test user its member. # Create system group groupadd -r sudo # Add user to group usermod -a -G sudo test Grant root privileges to the group when using sudo. # Configure sudoers cat << EOF > /etc/sudoers.d/00-custom %sudo ALL=(ALL) ALL EOF Testing Log in as an unprivileged user. Elevate privileges for a specific command. sudo -i -u test id sudo id Troubleshooting Collect and analyze the following information. id test ls -l /etc/sudoers /etc/sudoers.d/* grep -v -e "^#" -e "^$" /etc/sudoers /etc/sudoers.d/* Extras References useradd usermod groupadd passwd sudo visudo Manual setup Add the user by hand using a unique UID and GID. # Edit configs vi /etc/passwd vi /etc/group vi /etc/shadow # Create home directory mkdir -p /home/test # Set permissions chown test:test /home/test # Set user password passwd test Check the resulting configs. # Check configs > grep -e test /etc/passwd /etc/group /etc/shadow /etc/passwd:test:x:1000:1000::/home/test:/bin/ash /etc/group:test:!:1000: /etc/shadow:test:$1$uPzGJ3jI$n7ld4E73SPsIx0QTXPMfu1:19615:0:99999:7::: Removing user and group Install the required packages. Remove the user and group. # Install packages opkg update opkg install shadow-userdel shadow-groupdel # Remove user and group userdel test groupdel sudo This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2023/09/15 15:25by vgaetera