RH199 - ch03s08

Create groups, use them as supplementary groups for some users without changing those users' primary groups, and configure one of the groups with sudo access to run commands as root.

Outcomes

Create groups and use them as supplementary groups.
Configure sudo access for a group.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command creates the necessary user accounts to set up the environment correctly.

[student@workstation ~]$ lab start users-group

Instructions

From workstation, open an SSH session to servera as the student user and switch to the root user.

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$ sudo -i
[sudo] password for student: student
[root@servera ~]#

Create the operators supplementary group with a GID of 30000.
```
[root@servera ~]# groupadd -g 30000 operators
```
Create the admin supplementary group without specifying a GID.
```
[root@servera ~]# groupadd admin
```

Verify that both the operators and admin supplementary groups exist.

[root@servera ~]# tail /etc/group
...output omitted...
operators:x:30000:
admin:x:30001:

Ensure that the operator1, operator2, and operator3 users belong to the operators group.

Add the operator1, operator2, and operator3 users to the operators group.

[root@servera ~]# usermod -aG operators operator1
[root@servera ~]# usermod -aG operators operator2
[root@servera ~]# usermod -aG operators operator3

Confirm that the users are in the group.

[root@servera ~]# id operator1
uid=1002(operator1) gid=1002(operator1) groups=1002(operator1),30000(operators)
[root@servera ~]# id operator2
uid=1003(operator2) gid=1003(operator2) groups=1003(operator2),30000(operators)
[root@servera ~]# id operator3
uid=1004(operator3) gid=1004(operator3) groups=1004(operator3),30000(operators)

Ensure that the sysadmin1, sysadmin2, and sysadmin3 users belong to the admin group. Enable administrative rights for all the admin group members. Verify that any member of the admin group can run administrative commands.

Add the sysadmin1, sysadmin2, and sysadmin3 users to the admin group.

[root@servera ~]# usermod -aG admin sysadmin1
[root@servera ~]# usermod -aG admin sysadmin2
[root@servera ~]# usermod -aG admin sysadmin3

Confirm that the users are in the group.

[root@servera ~]# id sysadmin1
uid=1005(sysadmin1) gid=1005(sysadmin1) groups=1005(sysadmin1),30001(admin)
[root@servera ~]# id sysadmin2
uid=1006(sysadmin2) gid=1006(sysadmin2) groups=1006(sysadmin2),30001(admin)
[root@servera ~]# id sysadmin3
uid=1007(sysadmin3) gid=1007(sysadmin3) groups=1007(sysadmin3),30001(admin)

Examine the /etc/group file to verify the supplementary group memberships.

[root@servera ~]# tail /etc/group
...output omitted...
operators:x:30000:operator1,operator2,operator3
admin:x:30001:sysadmin1,sysadmin2,sysadmin3

Create the /etc/sudoers.d/admin file so that the members of the admin group have full administrative privileges.
```
[root@servera ~]# echo "%admin ALL=(ALL) ALL" >> /etc/sudoers.d/admin
```

Switch to the sysadmin1 user (a member of the admin group) and verify that you can run a sudo command.

[root@servera ~]# su - sysadmin1
[sysadmin1@servera ~]$ sudo cat /etc/sudoers.d/admin
[sudo] password for sysadmin1: redhat
%admin ALL=(ALL) ALL

Return to the workstation machine as the student user.

[sysadmin1@servera ~]$ exit
logout
[root@servera ~]# exit
logout
[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish users-group

Revision: rh199-9.3-8dd73db

Click CREATE to build all of the virtual machines needed for the classroom lab environment. This may take several minutes to complete. Once created the environment can then be stopped and restarted to pause your experience.

If you DELETE your lab, you will remove all of the virtual machines in your classroom and lose all of your progress.