Day 22 || Switching Users and Superuser Privileges || DevOps Bootcamp

Definition: User switching, achieved through the su command, allows you to switch from your current user account to another. This is helpful for performing tasks that require superuser privileges.
Usage: Open a terminal and type su, followed by the username of the account you want to switch to.
Example: To switch to the root user, type su root and enter the root user's password when prompted.
Security Note: Be cautious when using su as it grants full access to the target account, which can be risky if used improperly.

Introduction: su - is a more secure way to switch users as it starts a new shell session with the target user's environment. It's the recommended method for switching to the root user.
Usage: Type su - followed by the username of the account you want to switch to.
Example: To securely switch to the root user, type su - root and enter the root user's password when prompted.

Overview: sudo is a powerful command that allows authorized users to execute specific commands with superuser privileges. The configuration for sudo is stored in the sudoers file.
Accessing sudoers: Use the visudo command to safely edit the sudoers file. It opens the file in a text editor and performs syntax validation.
Adding User to sudo Group: Ensure that the user is a member of the sudo group. You can use the usermod command: sudo usermod -aG sudo username.

Edit sudoers: Run sudo visudo to open the sudoers file for editing.
Granting All Permissions: To grant a user all permissions, add the following line to the file:
```
  username ALL=(ALL:ALL) ALL
```
Replace username with the actual username.
Granting Specific Permissions: To grant specific permissions, use this syntax:
```
  username ALL=(ALL:ALL) command_to_execute
```
Replace username with the username, and command_to_execute with the specific command.
Example: To allow the user "john" to restart the Apache web server, add:
```
  john ALL=(ALL:ALL) /usr/sbin/service apache2 restart
```
Security Note: Always be cautious when editing the sudoers file to prevent unintentional access or privilege escalation.

Step 5: Save and Exit sudoers

When using visudo, the changes are automatically saved if there are no syntax errors. Simply exit the text editor.

Step 6: Testing sudo Access

To test sudo access, open a new terminal and run a command with sudo. For example, to restart Apache as "john," use:
```
  bashCopy codesudo /usr/sbin/service apache2 restart
```
You'll be prompted to enter your own password or, if configured, the user's password.

Step 7: Review and Audit

Periodically review and audit your sudoers file to ensure that users have appropriate permissions. Remove unnecessary or overly permissive entries.

Home Activity: Now that you've learned about user switching, securing user switching, and managing user privileges with sudo, it's time to put your knowledge into practice. Create a new user account on your Linux system and configure their permissions using the sudoers file.
Steps:
1. Open a terminal window.
2. Use the sudo useradd command to create a new user, replacing newuser with your desired username:
```
 sudo useradd newuser
```
3. Set a password for the new user:
```
 sudo passwd newuser
```
  Follow the prompts to set and confirm the password.
4. Edit the sudoers file using sudo visudo to grant specific permissions to the new user, just like you've learned in the previous steps.
5. Save your changes and exit the sudoers file.
6. Open a new terminal and switch to the new user using the su - newuser command.
7. Test the new user's access by running a command that you granted them permission for using sudo.
Objective: By completing this home activity, you'll gain hands-on experience in creating a new user account, configuring their permissions, and testing their access. This practical exercise will reinforce your understanding of user management in Linux and enhance your system administration skills.

Table of contents