Heads up! To view this whole video, sign in with your Courses Plus account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
We've been using the "sudo" command from our developer account. But our deployment account doesn't have "sudo" access, which means it can't perform administrative actions on the system. Let's fix that now.
While logged into the server as your developer account (not the deployment account):
-
sudo visudo -f /etc/sudoers.d/deploy
(no dots in file name, or it will be ignored) - Add this text:
deploy ALL=(ALL:ALL) ALL
- This means that the
deploy
user can run commands on any machine you copy this file to, it can run them while pretending to be any other user, from any user group, and it can run any command.
- This means that the
Don't understand these details? Don't worry about them. It just means that the deploy
user has full control of the system through sudo
.
We've been using the Sudo command with our
development account to carry out various
0:00
operations that require
administrative access on the system.
0:05
The deployment account is going
to need Sudo access as well but
0:09
they don't have it right now.
0:12
So, let's edit the conflict files that
will give the deploy user Sudo access.
0:14
So let's take a look at
the existing configuration.
0:19
We're gonna type sudo because this is a
file that only administrators have access
0:21
to and we're going to use the cat
program to print out the contents of
0:25
file in the /etc directory E-T-C
0:30
/sudoers these are people who
have access to the sudo command.
0:34
Now notice the line here that sets
up privileges for the root user,
0:41
that's the system administrative account.
0:45
Let's go ahead and copy that line because
we're going to want our deploy user to
0:47
have similar privileges.
0:51
Notice also that there are comments at
the top of the file first saying that this
0:53
file should be edited using the visudo
command as root or using the sudo command.
0:57
Note also that there's a recommendation
that you should add content
1:04
in the etc directory sudoers.d
instead of modifying this file.
1:07
Let's take a look at the system manual for
the visudo command so
1:12
that we understand why
it recommended using it.
1:16
It says visudo edits the sudoers
file in a safe fashion,
1:18
analogous to vipw, I actually don't
know what this command does but
1:23
I'm sure it's another one that
safely out its system configuration.
1:27
visudo locks the sudoers file against
multiple simultaneous edits so
1:31
that if another developer is editing
it at the same time you won't
1:36
both break each others changes.
1:39
It also provides basic sanity checks so
1:41
that you won't ruin the system
if you make a syntax error.
1:43
And finally it checks for parts errors,
so it sounds like it would be
1:47
a good idea to use the visudo
command to make these changes.
1:52
Let's go ahead and use it,
it's a system administrative command so
1:55
we need to run it as root, for us that
just means using the sudo command again.
2:00
So we'll run the visudo command and
2:05
we're gonna specify a particular file
that we need to edit with it for
2:08
the visudo command you do that
with the- f command line flag.
2:12
We're gonna edit a file
in the etc directory,
2:17
sudoers.d, Just like it recommended,
2:20
and we're gonna name this one deploy
since it'll be for the deploy user.
2:25
Make absolutely sure not to include
any dots in the actual file name or
2:29
the file will be ignored.
2:34
So there'll be no
extension on this filename.
2:36
Even though the command is named visudo it
won't bring up the vi editor unless that
2:41
set is your system editor.
2:45
Our system editor is set as nano so
that's the editor it brings up for us.
2:47
And now I'm going to paste in the file
that I copied from the sudoers file,
2:52
the one for the root user.
2:56
But this line here is set up for
the root user, I'm going to edit it so
2:59
that it applies not to root but
to the deploy user.
3:03
Now a quick explanation of what
this line means is in order.
3:08
This will allow the deployed
user to run commands on
3:13
any machine that you copy this file to,
3:16
it can run them while pretending to be
any other user from any other user group.
3:19
And it can use sudo to run any command.
3:24
Don't worry about it if you don't
understand all these details.
3:29
It just means that the deploy user has
full control of the system using the sudo
3:32
command, as we did before let's hit
control load to write out the file.
3:37
It'll say that it's writing it with the
.tmp extension but that's because we're
3:42
using the visudo command to edit this
file the .tmp file will be copied
3:47
back to a file named just
etc sudoers.d/deploy.
3:52
So go ahead and
confirm the default file name, And
3:59
with the file written
out we can then exit.
4:03
You need to sign up for Treehouse in order to download course files.
Sign up