Bummer! This is just a preview. You need to be signed in with a Pro account to view the entire video.
Give sudo Access to Deployment Account4:08 with Jay McGavren
We've been using the "sudo" command from our developer account. But our deployment account doesn't have "sudo" access, which means it can't perform administrative actions on the system. Let's fix that now.
While logged into the server as your developer account (not the deployment account):
sudo visudo -f /etc/sudoers.d/deploy(no dots in file name, or it will be ignored)
- Add this text:
deploy ALL=(ALL:ALL) ALL
- This means that the
deployuser can run commands on any machine you copy this file to, it can run them while pretending to be any other user, from any user group, and it can run any command.
- This means that the
Don't understand these details? Don't worry about them. It just means that the
deploy user has full control of the system through
We've been using the Sudo command with our development account to carry out various 0:00 operations that require administrative access on the system. 0:05 The deployment account is going to need Sudo access as well but 0:09 they don't have it right now. 0:12 So, let's edit the conflict files that will give the deploy user Sudo access. 0:14 So let's take a look at the existing configuration. 0:19 We're gonna type sudo because this is a file that only administrators have access 0:21 to and we're going to use the cat program to print out the contents of 0:25 file in the /etc directory E-T-C 0:30 /sudoers these are people who have access to the sudo command. 0:34 Now notice the line here that sets up privileges for the root user, 0:41 that's the system administrative account. 0:45 Let's go ahead and copy that line because we're going to want our deploy user to 0:47 have similar privileges. 0:51 Notice also that there are comments at the top of the file first saying that this 0:53 file should be edited using the visudo command as root or using the sudo command. 0:57 Note also that there's a recommendation that you should add content 1:04 in the etc directory sudoers.d instead of modifying this file. 1:07 Let's take a look at the system manual for the visudo command so 1:12 that we understand why it recommended using it. 1:16 It says visudo edits the sudoers file in a safe fashion, 1:18 analogous to vipw, I actually don't know what this command does but 1:23 I'm sure it's another one that safely out its system configuration. 1:27 visudo locks the sudoers file against multiple simultaneous edits so 1:31 that if another developer is editing it at the same time you won't 1:36 both break each others changes. 1:39 It also provides basic sanity checks so 1:41 that you won't ruin the system if you make a syntax error. 1:43 And finally it checks for parts errors, so it sounds like it would be 1:47 a good idea to use the visudo command to make these changes. 1:52 Let's go ahead and use it, it's a system administrative command so 1:55 we need to run it as root, for us that just means using the sudo command again. 2:00 So we'll run the visudo command and 2:05 we're gonna specify a particular file that we need to edit with it for 2:08 the visudo command you do that with the- f command line flag. 2:12 We're gonna edit a file in the etc directory, 2:17 sudoers.d, Just like it recommended, 2:20 and we're gonna name this one deploy since it'll be for the deploy user. 2:25 Make absolutely sure not to include any dots in the actual file name or 2:29 the file will be ignored. 2:34 So there'll be no extension on this filename. 2:36 Even though the command is named visudo it won't bring up the vi editor unless that 2:41 set is your system editor. 2:45 Our system editor is set as nano so that's the editor it brings up for us. 2:47 And now I'm going to paste in the file that I copied from the sudoers file, 2:52 the one for the root user. 2:56 But this line here is set up for the root user, I'm going to edit it so 2:59 that it applies not to root but to the deploy user. 3:03 Now a quick explanation of what this line means is in order. 3:08 This will allow the deployed user to run commands on 3:13 any machine that you copy this file to, 3:16 it can run them while pretending to be any other user from any other user group. 3:19 And it can use sudo to run any command. 3:24 Don't worry about it if you don't understand all these details. 3:29 It just means that the deploy user has full control of the system using the sudo 3:32 command, as we did before let's hit control load to write out the file. 3:37 It'll say that it's writing it with the .tmp extension but that's because we're 3:42 using the visudo command to edit this file the .tmp file will be copied 3:47 back to a file named just etc sudoers.d/deploy. 3:52 So go ahead and confirm the default file name, And 3:59 with the file written out we can then exit. 4:03
You need to sign up for Treehouse in order to download course files.Sign up