super user setup in Ubuntu Debian distribution

The sudo command is an important entry in the list of Linux user commands. It is a safe way to execute privileged tasks, and all commands executed with sudo are logged for audit purposes.

Running the sudo command does not require root credentials, and sudo access can be controlled in fine detail in the /etc/sudoers file.

Syntax

The /etc/sudoers file is read in one pass. Multiple entries might match, but the last one has the highest precedence. It is advised to define aliases before using them.
Comments can be inserted with #, with the exception that UIDs are also prefixed with a # symbol.

Aliases

There are 4 types of aliases in the sudoers file that can be used to assign permissions

  • User Aliases
  • Runas Aliases
  • Command Aliases
  • Host Aliases

An alias is a name for a user or group of users, a host or group of hosts, or a command or group of commands.
Syntax: Alias_type NAME = value1,value2 ...

User Aliases
 # Everyone in the system group admin is covered by the ADMINS alias
 User_Alias ADMINS = %admin
 # The users "tom", "james", are covered by the WEBDEV alias
 User_Alias WEBDEV = tom, james

To exclude a user or group of users from a permission, use !

 # This matches anybody in the USERS alias who isn't in WEBMASTERS or ADMINS aliases
 User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS
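
The effect of ! and of item order in a list, as an added example that is not part of the original article: a small Python model of sudoers list evaluation, in which the last matching item decides. The members of USERS and WEBMASTERS, the user names standing in for %admin, and the REORDERED alias are assumptions made for the demonstration.

```python
# Alias table modelled on this page. Membership of USERS and WEBMASTERS,
# the user names standing in for %admin, and REORDERED are assumptions.
ALIASES = {
    "ADMINS": ["root", "alice"],
    "WEBMASTERS": ["tom"],
    "USERS": ["alice", "tom", "james", "patrick"],
    "LIMITED_USERS": ["USERS", "!WEBMASTERS", "!ADMINS"],
    "REORDERED": ["!WEBMASTERS", "!ADMINS", "USERS"],  # same items, exclusions first
}

def evaluate(user, items, aliases=ALIASES):
    """Return True (allow) or False (deny) from the LAST matching item,
    or None when nothing in the list mentions the user."""
    verdict = None
    for item in items:
        negated = item.startswith("!")
        name = item[1:] if negated else item
        if name in aliases:                      # nested alias: recurse
            inner = evaluate(user, aliases[name], aliases)
            if inner is None:
                continue                         # alias says nothing about this user
            verdict = (not inner) if negated else inner
        elif name in (user, "ALL"):
            verdict = not negated
    return verdict

def in_alias(user, alias, aliases=ALIASES):
    """True only when the final verdict for the user is an allow."""
    return evaluate(user, aliases[alias], aliases) is True
```

With the exclusions written first, as in REORDERED, the later USERS item matches last and tom and alice are covered again, so exclusions belong at the end of the list.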
Runas Aliases

It is similar to a User Alias, except that it also allows users to be specified by UID. This helps to match every username that shares a single UID, as is practiced in certain cases.
UIDs are typically used for the root user, for example Runas_Alias ROOT = #0

 # ROOT alias for uid 0. Note: #0 is not a comment
 Runas_Alias ROOT = #0
 # ADMINS alias for the group admin + user root
 Runas_Alias ADMINS = %admin, root
Command Aliases

Command aliases are lists of commands and directories. You can use this to specify a group of commands. If you specify a directory it will include any file within that directory but not in any subdirectories.

 # All the power option commands
 Cmnd_Alias POWER_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt
 # Admin commands
 Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd
 # User management commands
 Cmnd_Alias USERMAN_CMDS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo
Host Aliases

A host alias is a list of hostnames, IP addresses, networks and netgroups (prefixed with a +).
Note: If you do not specify a netmask with a network, the netmask of the host's ethernet interface(s) will be used when matching, but it is good practice to specify the netmask while configuring.

 # This is all the servers
 Host_Alias IAM_SERVERS = 10.10.2.5, 10.10.2.7, serverA
 # This is the whole network
 Host_Alias PUB_NET = 10.10.2.0/255.255.255.128
 # And this is every machine in the network that is not a server
 Host_Alias WORKSTATIONS = PUB_NET, !IAM_SERVERS
 # Putting it all together
 # Host_Alias WORKSTATIONS = 10.10.2.0/255.255.255.128, !IAM_SERVERS
User Specifications

Joining the aliases declared above is the main part that makes sense of it all: this is where it is set WHO can run WHAT as WHO

  =   
 # LAMP admins can run their commands provided they give a password
 LAMPMIN LAMPSERVER= LAMP_CMDS
 # This lets ADMINS run admin commands on all hosts under the SERVERS alias
 ADMINS SERVERS= ADMIN_CMDS
 # This lets all the USERS run admin commands on the workstations provided
 # they give the root password or an admin password (using "sudo -u ")
 USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS
 # This lets "patrick" run lamp commands without password on his local machine workstation10
 patrick workstation10= NOPASSWD: LAMP_CMDS
 # And this lets everybody print without requiring a password
 ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS

 

Examples from Man Pages
 root            ALL = (ALL) ALL
 %wheel          ALL = (ALL) ALL
We let root and any user in group wheel run any command on any host as any user.
FULLTIMERS      ALL = NOPASSWD: ALL
Full time sysadmins may run any command on any host without authenticating.
WEBMASTERS  www = (www) ALL, (root) /usr/bin/su www
On the host www, any user in the WEBMASTERS User_Alias may run any command
as user www (which owns the web pages) or simply su to www.
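
An added example, not from the original article or from the sudo project: a Python audit pass over the user specifications quoted on this page that flags passwordless grants, strips comments while keeping #0 as a uid, and carries a runas or NOPASSWD setting forward to later commands in the same entry. The sample file is constructed from the page's own lines, and the function names are hypothetical.

```python
import re

# Constructed sample built from rules quoted on this page.
SAMPLE = """\
# ROOT alias for uid 0 , Note #0 is not a comment
Runas_Alias ROOT = #0
root            ALL = (ALL) ALL
%wheel          ALL = (ALL) ALL
FULLTIMERS      ALL = NOPASSWD: ALL
WEBMASTERS      www = (www) ALL, (root) /usr/bin/su www
patrick workstation10 = NOPASSWD: LAMP_CMDS   # trailing comment (constructed)
ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS
"""

SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=]+?)\s*=\s*(?P<rest>.+)$")
SKIP = re.compile(r"^((User|Runas|Host|Cmnd)_Alias|Defaults)\b")

def strip_comment(line):
    """Drop '#' comments but keep '#<digits>', which names a uid."""
    return re.sub(r"#(?!\d).*$", "", line).strip()

def parse(text):
    """Yield (who, host, runas, nopasswd, command) for every granted command."""
    for raw in text.splitlines():
        line = strip_comment(raw)
        m = SPEC.match(line)
        if not m or SKIP.match(line):
            continue
        runas, nopasswd = "root", False            # defaults when nothing is given
        # Split on commas that are not inside a (runas list).
        for item in map(str.strip, re.split(r",\s*(?![^()]*\))", m["rest"])):
            r = re.match(r"\(([^)]*)\)\s*", item)
            if r:                                  # runas applies to later commands too
                runas, item = r[1].strip(), item[r.end():]
            t = re.match(r"(NOPASSWD|PASSWD):\s*", item)
            if t:                                  # so does the tag
                nopasswd, item = t[1] == "NOPASSWD", item[t.end():]
            yield m["who"], m["host"], runas, nopasswd, item.strip()

def audit(text):
    """Return (who, reason) pairs for grants a reviewer should check first."""
    findings = []
    for who, host, runas, nopasswd, cmd in parse(text):
        if nopasswd and cmd == "ALL":
            findings.append((who, "NOPASSWD on ALL commands"))
        elif nopasswd and who == "ALL":
            findings.append((who, "passwordless " + cmd + " for every user"))
    return findings
```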
Important SUDO Commands

sudo -k

This command removes the cached credentials for the user, so the next sudo command will ask for the password.

sudo -l

Lists the commands the current user is permitted to run

sudo -l -U <user>

Lists the commands the specified user is permitted to run

sudo -v

Validates the user's cached credentials and extends them for another 15 minutes (the default, unless a different value is set in the configuration file).

sudo -V

Lists sudo version details and features

sudo -e

Used to edit the sudoers file. Note: export the preferred editor variable in bash before running this command.

export EDITOR=/bin/nano; sudo visudo

In short, sudo is a great feature of *nix operating systems and a must-know for system administrators.

Configuring Basic System Settings RHEL 8 web console part II

User Management with Web Console

The RHEL web console allows you to perform the following user management tasks:

    • Create new users accounts.
    • Change their parameters.
    • Lock accounts.
    • Terminate the user session.
Adding New account in Web Console
Step 1: Click Account
Step 2: Click Create new account
Step 3: In the create account dialog box add the Real Name
Step 4: Enter a unique username
Step 5: Enter a password
Step 6: Confirm the entered password

(Note: it is always advised to keep a strong password)

Step 7: Click Create

Once created, the user name will be available in the list of users. To give it administrator rights, click the newly created user and click Server Administrator Role; that will add the newly created user to the wheel group used for sudo users.

Setting Expiration for a user

Expiration is set to never expire by default, but it is possible to change the value by following the steps below

Step 1 : Click Account
Step 2 : Click the account name for which you want to set the expiration
Step 3 : Add the required password change days
Step 4 : Click Change
Terminating User session
Step 1 : Click Account
Step 2 : Click Terminate Session

If the button is not active, the user is not logged in to the system

Lock Accounts
Step 1 : Click Account
Step 2 : Select the account to lock
Step 3 : Click Lock Account

In the next part we will understand how to manage storage using the Web Console.

Configuring Basic System Settings RHEL 8 web console Part 1

This and the subsequent parts of the series cover some basic tasks a system administrator might need to perform, which are optionally performed during installation.

RHEL 8 Web Console

Common tasks a system admin performs via the web console include

  • Monitoring basic system features 
  • Inspect log files 
  • Managing docker files 
  • User management 
  • Service management 
  • Creating reports 
  • Package / Software management 
  • Network management 
  • SElinux / Security management 
  • Advanced configuration tasks with the help of the virtual terminal.

If your system does not have the RHEL 8 web console installed, follow the link to install it before reading further.

Restarting a system from web console
Step 1 : Click System
Step 2 : Power Option (dropdown)
Step 3 : Restart
Step 4 : Write reason for restart (optional)
Step 5 : Select time interval before restart will take place (optional) or no delay in case of immediate restart
Step 6 : click Restart
Shutdown the system from web console
Step 1 : Click System
Step 2 : Power Option (dropdown)
Step 3 : Shutdown 
Step 4 : Write reason for shutdown (optional)
Step 5 : select time interval 
Step 6 : click Shutdown
Naming / Renaming Server from web console

A host name consists of two parts: host + domain name. By default the hostname is localhost.localdomain, but you can change it during installation or from the web console.
For example:
rhel8server.testdom.it
You can also configure a pretty host name in the RHEL web console. This is specific to the web console and is not considered the real hostname of the server. Capital letters and spaces are accepted characters for a pretty hostname.

Step 1 : Click System
Step 2 : Click Current Hostname
Step 3 : Enter Pretty Hostname
Step 4 : Enter Real Hostname
Step 5 : Click Change

Configuring NTP setting from web console
Step 1 : Click System
Step 2 : Click Current System Time
Step 3 : In the change time dialog box select correct timezone
Step 4 : In the change time dialog box Select "Set Time" drop down.

From the drop down you can select

Manual : for setting time manually

Automatic Using NTP : This is the recommended option

Automatically Using specific NTP server : In case your company has its own NTP server, select this option.

Step 5 : Click Change

 

Using web console for selecting performance profile

Performance profiles are created and managed by the Tuned service.

Tuned is a service that monitors your system and optimizes the performance under certain workloads.

The core of Tuned are profiles, which tune your system for different use cases.
Tuned is distributed with a number of predefined profiles for use cases such as:
High throughput
Low latency
Saving power

Click the link to get full details about Configuring System Performance with Tuned in RHEL8

Steps to Change a profile with Web Console
Step 1 : Click System
Step 2 : Click current Performance Profile 
Step 3 : In the change current profile dialog box select the new profile
Step 4 : Click Change 

In part two of Configuring Basic System Settings RHEL 8 web console we will discuss user account management with the Web Console in RHEL 8

Installing RHEL 8 Web Console

The RHEL 8 Cockpit Web Console is a web-based management tool that allows you to complete many common RHEL tasks from a web browser; it is designed along the lines of a cloud OS. As with any web-based application, it is accessible from remote machines by default.

Enabling Cockpit Web Console

By default cockpit is installed on all RHEL 8 installations with the exception of minimal installs; however, it is not enabled by default. Use the command below to enable the web interface.

systemctl enable --now cockpit.socket

Notice that cockpit is a self-contained application and does not require a web server to be installed in order to run.

If you want to run the cockpit dashboard locally from the desktop, you can use the command below to install the graphical interface.

 yum install virt-viewer

The next step is to open a web browser (either from a remote host, or from the RHEL 8 system console), and go to the RHEL 8 system's hostname or IP address, followed by :9090 to specify port 9090, for example: https://localhost.localdomain:9090

Log in to the Web Console with the root account, or with another RHEL account.

Installing RHEL Red Hat Enterprise Linux 8

Requirements

  • Hardware : Linux in general and the Red Hat kernel support many different hardware variants as well as virtual environments. The complete list of Red Hat supported hardware can be verified at https://access.redhat.com/ecosystem/search/#/category/Server.
  •  Memory : 1.5GB minimum, 1.5GB per logical CPU recommended
  •  10GB minimum, 20GB recommended

Once the requirements are out of the way, make sure boot is set up in the physical / virtual environment before booting. Below is the first screen on a successful boot of the RHEL8 CD. Pressing the TAB key will display the actual command that will be executed upon install.

red hat cd boot

There are multiple ways to install RHEL 8, but the most common for a first installation is using an ISO; others will be discussed during the installation below.

Red Hat Installation Language

The very first installation screen is the installation language; note that this is not necessarily the language to be used by the users. Select the required language (US English is selected by default) and press Continue

Red Hat Installation Option Menu

After selecting the installation language, a very clean installation summary is shown for selecting all the required options for the installation. Most of these already have a default set, such as Language Support and KDUMP, but a few need to be set, such as “Time & Date”, for which a new window opens with the time and date settings.

rhel time and date

From the above screen you can set

  • The time in 24 hour / 12 hour format
  • The date
  • Region and city
  • Keyboard Layout
  • NTP Server Settings

Click Ok to return to Main Option Menu Screen.
ntp server settings
Red Hat Installation Option Menu

Next is the installation source. You can select different sources for your installation media, as below.

rhel sources of installation

Auto-detected installation media is the ISO image used for booting the RHEL 8 setup. There are options to choose a custom ISO, add multiple repositories from your environment (if available), or perform a Network Install. Click Done to get back to the Main Options.

Red Hat Installation Option Menu

Next is Software Selection, with pre-packaged bundles and custom packages; select the one that best suits your requirements.

package bundles

There are a few pre-packaged bundles

  • Virtualization Host environment contains a set of software packages needed for running virtual machines on the system
  • Minimal install only installs a basic version of Red Hat Enterprise Linux with only a minimal amount of additional software
  • Server installs infrastructure and networking packages
  • Server with GUI installs infrastructure and networking + GUI
  • Workstation is the user-friendly set of desktop and laptop packages
  • Custom Operating System installs all the packages that the admin selects to install.

Once the desired packages are selected, click Done. Next is the selection of the storage type.
storage drive rhel install

Select installation destination asks for the location to install the OS. It provides the option to select the new disk and to choose Automatic or Custom partitioning.

The Full disk summary and boot loader link shows the options selected for the installation of the new operating system.

To understand storage configuration and how to set up storage, kindly refer to Storage Configuration in RHEL 8

Click Done once configured.

Red Hat Installation Option Menu

Next select Network and Host Name as below; by default, networking is disabled in RHEL 8.

In the above screen you can select Static or Dynamic IP addressing and configure the Host Name settings. By clicking on Configure you can set the static settings for routes and DNS as well as the static IP address.

Security Policy and System Purpose are optional settings.


After all the options are configured, click “Begin Installation” and the installation will commence. On the next screen there are two options, to set the first user and the root password; these are required before the installation completes.

Once installation has completed you will see the option to reboot the system. Please make sure that the installation media is removed prior to reboot.

Copyright © 2021 | SaitCare Hub SDN BHD