The sudo command is one of the most important commands in the Linux user command list. It is a safe way to execute privileged tasks, and all commands executed with sudo are logged for audit purposes.
Running a command with sudo does not require root credentials, and sudo access can be defined in fine detail in the /etc/sudoers file.
Syntax
The /etc/sudoers file is read in one pass. Multiple entries might match, but the last one has the highest precedence. It is advised to define aliases before using them.
Comments can be inserted with #, with the exception that UIDs are also prefixed with a # symbol.
Aliases
There are 4 types of aliases in the sudoers file that can be used to assign permissions:
User Aliases
Runas Aliases
Command Aliases
Host Aliases
An alias is a name for a user or group of users, a host or group of hosts, or a command or group of commands. Syntax: Alias_type NAME = value1,value2 ...
User Aliases
# Everyone in the system group "admin" is covered by the alias ADMINS
User_Alias ADMINS = %admin
# The users "tom", "james", are covered by the WEBDEV alias
User_Alias WEBDEV = tom, james
To exclude a user or group of users from a permission, use !
# This matches anybody in the USERS alias who isn't in WEBMASTERS or ADMINS aliases
User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS
Runas Aliases
A Runas alias is similar to a User alias, except that it also allows users to be specified by UID. This helps to match both usernames of a single UID, as practiced in certain cases.
UIDs are mostly used for the root user, as in the first entry below.
# ROOT alias for uid 0, note that #0 is not a comment
Runas_Alias ROOT = #0
# ADMINS alias for the group admin + user root
Runas_Alias ADMINS = %admin, root
Command Aliases
Command aliases are lists of commands and directories. You can use this to specify a group of commands. If you specify a directory it will include any file within that directory but not in any subdirectories.
# All the power options commands
Cmnd_Alias POWER_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt
# Admin commands
Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd
# User Management Commands
Cmnd_Alias USERMAN_CMDS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo
Host Aliases
A host alias is a list of hostnames, IP addresses, networks and netgroups (prefixed with a +).
Note: If you do not specify a netmask with a network, the netmask of the host's Ethernet interface(s) will be used when matching, but it is good practice to specify the netmask in the configuration.
# This is all the servers
Host_Alias IAM_SERVERS = 10.10.2.5, 10.10.2.7, serverA
# This is the whole network
Host_Alias PUB_NET = 10.10.2.0/255.255.255.128
# And this is every machine in the network that is not a server
Host_Alias WORKSTATIONS = PUB_NET, !IAM_SERVERS
# putting it all together
# Host_Alias WORKSTATIONS = 10.10.2.0/255.255.255.128, !IAM_SERVERS
User Specifications
User specifications are where the aliases declared above are joined together. This is the main part of the file: it sets WHO can run WHAT as WHO.
=
# LAMP admins can run their commands provided they give a password
LAMPMIN LAMPSERVER= LAMP_CMDS
# This lets ADMINS run admin commands on all hosts under the SERVERS alias
ADMINS SERVERS= ADMIN_CMDS
# This lets all the USERS run admin commands on the workstations provided
# they give the root password or an admin password (using "sudo -u ")
USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS
# This lets "patrick" run LAMP commands without a password on his local machine workstation10
patrick workstation10= NOPASSWD: LAMP_CMDS
# And this lets everybody print without requiring a password
ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS
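The one-pass, last-match-wins rule from the Syntax section, applied to alias and user specification entries like the ones above, as an added example that is not part of the original article. It is a Python model of a simplified sudoers subset (one user and one host per entry, no Runas lists, tags or networks); the policy is constructed and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed policy in a simplified sudoers subset: one user and one host per
# entry, no Runas lists, tags, networks or line continuations (assumptions).
SAMPLE = """\
User_Alias WEBDEV = tom, james
Cmnd_Alias POWER_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt
Host_Alias IAM_SERVERS = 10.10.2.5, 10.10.2.7, serverA
WEBDEV ALL = ALL, !POWER_CMDS
tom IAM_SERVERS = /sbin/reboot
james ALL = !/usr/sbin/visudo
james ALL = ALL
"""
ALIAS_KINDS = {"User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias"}

def parse(text):
    """Split the policy into alias definitions and ordered user specifications."""
    aliases, specs = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        left, right = line.split("=", 1)
        items = [item.strip() for item in right.split(",")]
        head = left.split()
        if head[0] in ALIAS_KINDS:
            aliases[head[1]] = items
        else:
            specs.append(([head[0]], [head[1]], items))
    return aliases, specs

def last_match(items, value, aliases):
    """True = allowed, False = negated with '!', None = nothing matched."""
    verdict = None
    for item in items:
        negated = item.startswith("!")
        name = item[1:] if negated else item
        if name in aliases:
            inner = last_match(aliases[name], value, aliases)
        else:
            inner = True if name == "ALL" or fnmatchcase(value, name) else None
        if inner is not None:
            verdict = inner != negated   # a later item overrides an earlier one
    return verdict

def allowed(user, host, command, policy=SAMPLE):
    """Walk the entries in file order; the last one that matches decides."""
    aliases, specs = parse(policy)
    verdict = False                      # nothing matched: not permitted
    for users, hosts, cmds in specs:
        if last_match(users, user, aliases) and last_match(hosts, host, aliases):
            decision = last_match(cmds, command, aliases)
            if decision is not None:
                verdict = decision
    return verdict
```

With this policy, the `james ALL = !/usr/sbin/visudo` entry has no effect because the later `james ALL = ALL` entry also matches; restrictive entries belong after the broad ones.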
Examples from Man Pages
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let root and any user in group wheel run any command on any host as any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins may run any command on any host without authenticating.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
On the host www, any user in the WEBMASTERS User_Alias may run any command as user www (which owns the web pages) or simply su to www.
Important SUDO Commands
sudo -k
Removes the cached credentials for the user, so that the next sudo command asks for the password again.
sudo -l
Lists the commands the current user is permitted to run.
sudo -l -U <user>
Lists the commands the specified user is permitted to run.
sudo -v
Validates the user and extends the cached credentials for another period, 15 minutes by default if that is set in the configuration file.
sudo -V
Lists sudo version details and features.
sudo -e
To edit the sudoers file. Note: export the preferred editor variable in bash before running this command.
export EDITOR=/bin/nano; sudo visudo
In short, sudo is a great feature of *nix operating systems and a must-know for system administrators.
The RHEL web console allows you to perform the following user management tasks:
Create new user accounts.
Change their parameters.
Lock accounts.
Terminate the user session.
Adding a New Account in the Web Console
Step 1: Click Account
Step 2: Click Create new account
Step 3: In the create account dialog box add the Real Name
Step 4: Enter a unique username
Step 5: Enter a password
Step 6: Confirm the entered password
(Note: it is always advised to use a strong password)
Step 7: Click Create
Once created, the user name will be available in the list of users. To give it administrator rights, click the newly created user and click Server Administrator Role; that will add the newly created user to the wheel group used for sudo users.
Setting Expiration for a user
Expiration is set to never expire by default, but the value can be changed by following the steps below.
Step 1 : Click Account
Step 2 : Click the account name for which you want to set the expiration
Step 3 : Add the required password change days
Step 4 : Click Change
Terminating User session
Step 1 : Click Account
Step 2 : Click Terminate Session
If the button is not active, the user is not logged in to the system.
Step 5 : select time interval before restart will take place (optional) or no delay in case of immediate restart
Step 6 : click Restart
Shutdown the system from web console
Step 1 : Click System
Step 2 : Power Option (dropdown)
Step 3 : Shutdown
Step 4 : write reason for shutdown (optional)
Step 5 : select time interval
Step 6 : click Shutdown
Naming / Renaming Server from web console
A host name consists of two parts: host + domain name. By default the hostname is localhost.localdomain, but you can change it during installation or from the web console.
For example: rhel8server.testdom.it
You can also configure a pretty host name in the RHEL web console. This is specific to the web console and is not considered a real hostname of the server. Capital letters and spaces are accepted characters for a pretty hostname.
Step 1 : Click System
Step 2 : Click Current Hostname
Step 3 : Enter Pretty Hostname
Step 4 : Enter Real Hostname
Step 5 : Click Change
Configuring NTP setting from web console
Step 1 : Click System
Step 2 : Click Current System Time
Step 3 : In the change time dialog box select correct timezone
Step 4 : In the change time dialog box select the "Set Time" drop down.
From the drop down you can select:
Manual : for setting the time manually
Automatic Using NTP : This is the recommended option
Automatically Using specific NTP server : In case your company has its own NTP server, select this option.
Step 5 : Click Change
Using web console for selecting performance profile
Performance profiles are created and managed by the Tuned service.
Tuned is a service that monitors your system and optimizes the performance under certain workloads.
The core of Tuned are profiles, which tune your system for different use cases. Tuned is distributed with a number of predefined profiles for use cases such as high throughput, low latency and saving power.
The RHEL 8 Cockpit Web Console is a web-based management tool that allows you to complete many common RHEL tasks from a web browser; it is designed in the style of a cloud OS. Like any web-based application, it is accessible from remote machines by default.
Enabling Cockpit Web Console
Cockpit is installed by default on all RHEL 8 installations with the exception of minimal installs; however, it is not enabled by default. Use the command below to enable the web interface.
systemctl enable --now cockpit.socket
Note that Cockpit is a self-contained application and does not require a web server to be installed in order to run.
If you want to run the Cockpit dashboard locally from the desktop, you can use the command below to install the graphical interface.
yum install virt-viewer
The next step is to open a web browser (either from a remote host, or from the RHEL 8 system console), and go to the RHEL 8 system's hostname or IP address, followed by :9090 to specify port 9090, for example: https://localhost.localdomain:9090
Log in to the Web Console with the root account, or with another RHEL account.
Hardware : Linux in general and the Red Hat kernel support lots of different hardware variants as well as virtual environments. The complete list of Red Hat supported hardware can be checked at https://access.redhat.com/ecosystem/search/#/category/Server.
Memory : 1.5GB minimum, 1.5GB per logical CPU recommended
10GB minimum, 20GB recommended
Once the requirements are out of the way, make sure the boot is configured in the physical or virtual environment before booting. Below is the first screen on successful boot of the RHEL 8 CD. Pressing the TAB key will display the actual command that will be executed upon install.
There are multiple ways to install RHEL 8, but the most common for a first installation is using an ISO; others will be discussed during the installation below.
The very first installation screen is the installation language; note that this is not necessarily the language to be used by the users. Select the required language (US English is selected by default) and press Continue.
After selecting the installation language, a very clean installation summary lets you select all the required options for the installation. Most of these already have a default set, such as Language Support and KDUMP, but a few need to be set, such as “Time & Date”; a new window will open for the time and date settings.
From the above you can:
set the time in 24 hour / 12 hours
select the date
Select region and city
Keyboard Layout
NTP Server Settings
Click Ok to return to Main Option Menu Screen.
Next is the installation source. You can select different sources for your installation media, as below.
Auto-detected installation media is the ISO image used for booting the RHEL 8 setup. There are also options to choose a custom ISO, add multiple repositories from your environment (if available), or perform a network install. Click Done to get back to the Main Options.
Next is Software Selection, with pre-packaged bundles and custom packages; select the one that best suits your requirements.
There are a few pre-packaged bundles:
Virtualization Host environment contains a set of software packages needed for running virtual machines on the system
Minimal install only installs a basic version of Red Hat Enterprise Linux with only a minimal amount of additional software
Server installs infrastructure and networking packages
Server with GUI installs infrastructure and networking + GUI
Workstation is the user-friendly set of desktop and laptop packages
Custom Operating System installs all the packages that the admin selects to install.
Once the desired packages are selected, click Done. Next is the selection of the storage type.
Select installation destination asks for the location to install the OS. It provides the option to select the new disk and to select Automatic or Custom partitioning.
Full disk summary and boot loader link shows the options selected for the installation of the new operating system.
Next select Network and Host Name as below. By default, networking is disabled in RHEL 8.
In the above screen you can select Static or Dynamic IP addressing and configure the Host Name settings. By clicking on Configure you can set the static settings for routes and DNS as well as the static IP address.
Security Policy and System Purpose are optional settings.
After all the options are configured, click “Begin Installation” and the installation will commence. On the next screen there are two options, to set the first user and the root password; these are required before the installation completes.
Once the installation has completed you will see the option to reboot the system. Please make sure that the installation media is removed prior to reboot.