Posted on Leave a comment

Create and manage users with Ansible – automatically create sudo users

Creating users is a very trivial task that requires time, especially if there is not a Active Directory mechanism integrated with the Linux servers. In order to make your life easier as an administrator you can run the below playbook that will create users based on a list and add them sudo capabilities.

Task 1
creates the users that have been specified on the loop section.

Task 2
creates the appropriate sudoers file

  1 ---               
  2 - name: create sudoers users based on request
  3   hosts: localhost
  4   become: true    
  5   tasks:          
  6     - name: create users based on a list
  7       user:       
  8         name: "{{ item }}"
  9         password: "{{ '#Passw0rd#' | password_hash('sha512') }}"
 10         shell: /bin/bash
 11       loop:       
 12         - user1
 13         - user2
 14                   
 15     - name: create sudoers file for user
 16       copy:       
 17         content: '{{ item }} ALL = (ALL) ALL'
 18         dest: "/etc/sudoers.d/{{item}}"
 19       loop:       
 20         - user1
 21         - user2

Run the playbook and verify that the password is correct and user has sudo capabilities.

ansible-playbook createusers.yml

Posted on Leave a comment

Users with superuser privileges – sudo and su on RHEL 8

Sudo and su are two powerful utilities on linux operating system that enables one to manipulate who is performing actions on the filesystem and with which privileges .

The main difference between those two tools is that if administrator uses su - username then he should provide the user password in order to switch to the end user rights. On the other hand with sudo command the administrator should use its own password in order to validate with the system that he wants to run as a superuser the command su - .

As a result by using sudo su - x you dont have to specify the end user password but your own password.

Another way you can authorize your self as superuser is with sudo -i so you do not have to provide the password of root in the system.

The sudo command is very powerful and useful in the linux systems because for security purposes many times you could find root user deactivated and each user has its own credentials and rights. Also actions performed with sudo commands are logged in the operating system.

The most important prerequisite in order to use sudo command in Red Hat or Centos Linux is to be a member of the wheel group. You can give a specific user sudo rights with the following:

Create a new file under /etc/sudoers.d/USERNAME

touch /etc/sudoers.d/operator

and then vi the operator file and add the following line:

operator ALL=(ALL) ALL

using sudo with a user that does not have admin rights.
using sudo after creating the necessary file under sudoers.d