Give sudo Access to Deployment Account

We've been using the Sudo command with our development account to carry out various 0:00 operations that require administrative access on the system. 0:05 The deployment account is going to need Sudo access as well but 0:09 they don't have it right now. 0:12 So, let's edit the conflict files that will give the deploy user Sudo access. 0:14 So let's take a look at the existing configuration. 0:19 We're gonna type sudo because this is a file that only administrators have access 0:21 to and we're going to use the cat program to print out the contents of 0:25 file in the /etc directory E-T-C 0:30 /sudoers these are people who have access to the sudo command. 0:34 Now notice the line here that sets up privileges for the root user, 0:41 that's the system administrative account. 0:45 Let's go ahead and copy that line because we're going to want our deploy user to 0:47 have similar privileges. 0:51 Notice also that there are comments at the top of the file first saying that this 0:53 file should be edited using the visudo command as root or using the sudo command. 0:57 Note also that there's a recommendation that you should add content 1:04 in the etc directory sudoers.d instead of modifying this file. 1:07 Let's take a look at the system manual for the visudo command so 1:12 that we understand why it recommended using it. 1:16 It says visudo edits the sudoers file in a safe fashion, 1:18 analogous to vipw, I actually don't know what this command does but 1:23 I'm sure it's another one that safely out its system configuration. 1:27 visudo locks the sudoers file against multiple simultaneous edits so 1:31 that if another developer is editing it at the same time you won't 1:36 both break each others changes. 1:39 It also provides basic sanity checks so 1:41 that you won't ruin the system if you make a syntax error. 1:43 And finally it checks for parts errors, so it sounds like it would be 1:47 a good idea to use the visudo command to make these changes. 1:52 Let's go ahead and use it, it's a system administrative command so 1:55 we need to run it as root, for us that just means using the sudo command again. 2:00 So we'll run the visudo command and 2:05 we're gonna specify a particular file that we need to edit with it for 2:08 the visudo command you do that with the- f command line flag. 2:12 We're gonna edit a file in the etc directory, 2:17 sudoers.d, Just like it recommended, 2:20 and we're gonna name this one deploy since it'll be for the deploy user. 2:25 Make absolutely sure not to include any dots in the actual file name or 2:29 the file will be ignored. 2:34 So there'll be no extension on this filename. 2:36 Even though the command is named visudo it won't bring up the vi editor unless that 2:41 set is your system editor. 2:45 Our system editor is set as nano so that's the editor it brings up for us. 2:47 And now I'm going to paste in the file that I copied from the sudoers file, 2:52 the one for the root user. 2:56 But this line here is set up for the root user, I'm going to edit it so 2:59 that it applies not to root but to the deploy user. 3:03 Now a quick explanation of what this line means is in order. 3:08 This will allow the deployed user to run commands on 3:13 any machine that you copy this file to, 3:16 it can run them while pretending to be any other user from any other user group. 3:19 And it can use sudo to run any command. 3:24 Don't worry about it if you don't understand all these details. 3:29 It just means that the deploy user has full control of the system using the sudo 3:32 command, as we did before let's hit control load to write out the file. 3:37 It'll say that it's writing it with the .tmp extension but that's because we're 3:42 using the visudo command to edit this file the .tmp file will be copied 3:47 back to a file named just etc sudoers.d/deploy. 3:52 So go ahead and confirm the default file name, And 3:59 with the file written out we can then exit. 4:03