Elevating privileges with sudo

  • This how-to helps improve security by using sudo on the command-line interface.
  • Log in as an unprivileged user and use sudo to run commands with elevated privileges.
  • Drop user privileges by default.
  • Elevate user privileges on demand.

Install the required packages.

# Install packages
opkg update
opkg install shadow-useradd shadow-usermod shadow-groupadd sudo

Create an unprivileged test user and set a password.

# Create a user
useradd -m -s /bin/ash test
 
# Set user password
passwd test

Create a privileged group and make the test user its member.

# Create system group
groupadd -r sudo
 
# Add user to group
usermod -a -G sudo test

Grant root privileges to the group when using sudo.

# Configure sudoers
cat << EOF > /etc/sudoers.d/00-custom
%sudo ALL=(ALL) ALL
EOF

Log in as an unprivileged user. Elevate privileges for a specific command.

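# Switch to the unprivileged user
sudo -i -u test
# Show the unprivileged identity
id
# Run a single command with root privileges
sudo id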

Collect and analyze the following information.

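# Check the user's UID, GID and group membership
id test
# Check ownership and permissions of the sudoers files
ls -l /etc/sudoers /etc/sudoers.d/*
# Show active sudoers rules, skipping comments and blank lines
grep -v -e "^#" -e "^$" /etc/sudoers /etc/sudoers.d/*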
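
One way to automate the review of the ls and grep output above, as an added example that is not part of the original page: it flags sudoers files writable by group or others, rules that skip the password prompt, and rules that allow any command. The function names and the deploy and monitor rules are constructed for illustration; aliases and backslash line continuations are not resolved.

```shell
#!/bin/sh
# Added example (not from the original page): flag broad grants in sudoers files.

# audit_sudoers FILE...  prints "<file>: <subject>: <finding>", one per line.
audit_sudoers() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Characters 6 and 9 of the ls -l mode string are group/other write.
        perm=$(ls -ld "$f" | cut -c1-10)
        case "$perm" in
            ?????w????|????????w?) echo "$f: file: writable by group or others" ;;
        esac
        awk -v file="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments, blanks
            $1 ~ /^(Defaults|@include)/ || $1 ~ /_Alias$/ { next }
            {
                cmds = $0
                # Drop "who host = (runas)" so only tags and commands remain.
                sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", cmds)
                sub(/[ \t]+$/, "", cmds)
                if (cmds ~ /NOPASSWD[ \t]*:/)
                    print file ": " $1 ": runs commands without a password"
                gsub(/[A-Z_]+[ \t]*:[ \t]*/, "", cmds)       # strip tags
                n = split(cmds, c, /[ \t]*,[ \t]*/)
                for (i = 1; i <= n; i++)
                    if (c[i] == "ALL") {
                        print file ": " $1 ": may run any command"
                        break
                    }
            }
        ' "$f"
    done
}

# Constructed sample input: the rule from this page plus two hypothetical ones.
audit_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' '%sudo ALL=(ALL) ALL' \
        'deploy ALL=(root) NOPASSWD: /sbin/reboot' \
        'monitor ALL=(root) /usr/bin/id' > "$d/00-custom"
    chmod 0440 "$d/00-custom"
    audit_sudoers "$d/00-custom"
    rm -rf "$d"
}

audit_demo
# On a router: audit_sudoers /etc/sudoers /etc/sudoers.d/*
```

Every member of a group reported as "may run any command" is effectively root once they authenticate, so compare that list with the output of id for each account.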

Add the user by hand using a unique UID and GID.

# Edit configs
vi /etc/passwd
vi /etc/group
vi /etc/shadow
 
# Create home directory
mkdir -p /home/test
 
# Set permissions
chown test:test /home/test
 
# Set user password
passwd test

Check the resulting configs.

# Check configs
> grep -e test /etc/passwd /etc/group /etc/shadow
/etc/passwd:test:x:1000:1000::/home/test:/bin/ash
/etc/group:test:!:1000:
/etc/shadow:test:$1$uPzGJ3jI$n7ld4E73SPsIx0QTXPMfu1:19615:0:99999:7:::

Install the required packages. Remove the user and group.

# Install packages
opkg update
opkg install shadow-userdel shadow-groupdel
 
# Remove user and group
userdel test
groupdel sudo
  • Last modified: 2024/02/20 11:32
  • by elif