Your tutorials are very appreciated; they are clear and well thought out so that every possible question is answered and there is no confusion leftover, with some side knowledge showing useful tricks (like !! enters the previous command, I did not know this!)
I am literally brand new to Linux so these videos have been helpful. on a completely unrelated note, I hope you fixed that multi-frame poster on the wall behind you...
One thing to be aware of. If you put something in /etc/sudoers or /etc/sudoers.d and it contains an error, sudo will refuse to run, and you need root permissions to edit /etc/sudoers and /etc/sudoers.d. This can be quite a conundrum if you don't, as is the default, have a password on the root account. (I learned, from this, that you should use sudo -s to get a root shell to manipulate /etc/sudoers, and then su back to a user account and sudo echo hello just to check sudo is working fine before closing the root shell.)
It's easy to understand with RunAs and selected CmdLines. Can you give an example of "host restriction"? It's so obscure that it's almost impossible to imagine the usefulness that this function brings.
Thanks for showing us the finer settings on sudo. Since we can restrict a user to elevate apt, is there anyway to restrict the user to only use "apt update" and "apt upgrade"? In other words, restrict not only the program but specific sytanx. This would allow a user to only update and upgrade but not install new packages.
You can, but you probably shouldn't. A better option would be to make a wrapper script to run with the specific arguments you want, and then add a sudo rule to allow that script. With regards to apt specifically, I'd be very nervous letting someone upgrade packages if they can't also install/remove packages or run dpkg if needed to fix things if an upgrade goes wrong or causes some sort of breakage.
Jay, maybe you can give me an advise. I have a bash script that will be executed by a no-root user , but in the script needs to run a chown command (root privilege) what is the safer way to do it?? should i add the user to the sudoers file with the privilege to run chown command? Its a good practice to have sudo command within a script?
Hi Jay your video is very informative , thanks for all info, can you make video o rbash and rbash is how different from this sudoers configured command in sudoers file , thank you
Interesting thing with sudoedit is it don't know some settings (at least version on debian 10) and show warning when file are 100% correct, so it can lead to skip and save file with actual mistake
I have been playing around with Linode last couple of months and I think it would be useful to have a post-install script I would set up a few things on a new server install. By creating a new user on the server and making them part of the SUDO group, Removing root login, Doing upgrades and updates and activating automatic updates, installing some programs that are not installed by default, removing the capability of logging with password and of course before that loading your RSA keys. And I like my prompt certain way so I would like to add that to the script. Maybe sometime you could do a video on such a script?
Can you have multiple lines for a user which will give sudo access to some commands with password verification and other commands bypassing the need for password verification?
Not multiple lines, but you can comma delimitate each command you would want the password to be bypassed for. ALL=NOPASSWD:/bin/path_to_command1,/bin/path_to_command2
What a bad decision made by the sudo developers to use 'q' to save a wrong sudoers file. 'q' is actually what you would type to exit without saving. 'W' (uppercase) seems like a better option in my opinion.
Your tutorials are very appreciated; they are clear and well thought out so that every possible question is answered and there is no confusion leftover, with some side knowledge showing useful tricks (like !! enters the previous command, I did not know this!)
Just love the linux essentials series! Can't wait the next video
Nice! I just learned how to remove the password requirement in WSL. Thanks for your videos.
just gratitude to the makers n explainer
Thank you Teacher for all yr teaching...
Everytime I got new thing to learn from u ..
U are awesome ⭐
The leftmost picture behind your head is too high.
how did you even notice that?
"sudo !!"
It is going to help me a lot, thank you!!
I am literally brand new to Linux so these videos have been helpful.
on a completely unrelated note, I hope you fixed that multi-frame poster on the wall behind you...
At 13:28, short this does not work with a Pi. For the Pi, it's: sudo nano /etc/sudoers
really enjoying these!
If you type h or help when visudo gives you an error, then it will give you the options available.
One thing to be aware of. If you put something in /etc/sudoers or /etc/sudoers.d and it contains an error, sudo will refuse to run, and you need root permissions to edit /etc/sudoers and /etc/sudoers.d. This can be quite a conundrum if you don't, as is the default, have a password on the root account. (I learned, from this, that you should use sudo -s to get a root shell to manipulate /etc/sudoers, and then su back to a user account and sudo echo hello just to check sudo is working fine before closing the root shell.)
I found that it is possible to work around broken sudo and no root password using polkit.
Thank you for the video, I also just started reading "SUDO Mastery " by Michael W Lucas
His video on PAM is quite interesting. It seems like every distro does it wrong.
It's easy to understand with RunAs and selected CmdLines. Can you give an example of "host restriction"? It's so obscure that it's almost impossible to imagine the usefulness that this function brings.
Great video. My OCD can't stop looking at that left hand picture on your wall though .. it's not aligned!!!
great video and overview.
Thanks for showing us the finer settings on sudo. Since we can restrict a user to elevate apt, is there anyway to restrict the user to only use "apt update" and "apt upgrade"? In other words, restrict not only the program but specific sytanx. This would allow a user to only update and upgrade but not install new packages.
You can, but you probably shouldn't. A better option would be to make a wrapper script to run with the specific arguments you want, and then add a sudo rule to allow that script.
With regards to apt specifically, I'd be very nervous letting someone upgrade packages if they can't also install/remove packages or run dpkg if needed to fix things if an upgrade goes wrong or causes some sort of breakage.
The commands in sudoers can be either the command, or the command and specific arguments
@@omfgbunder2008 Do they need special syntax, then, or is the absence of a comma enough?
Many thanks. Nice instructional video!
you are a linux god man!!!!
Jay, maybe you can give me an advise. I have a bash script that will be executed by a no-root user , but in the script needs to run a chown command (root privilege) what is the safer way to do it?? should i add the user to the sudoers file with the privilege to run chown command? Its a good practice to have sudo command within a script?
I really love the part, of giving partial root access.
Hi Jay your video is very informative , thanks for all info, can you make video o rbash and rbash is how different from this sudoers configured command in sudoers file , thank you
Interesting thing with sudoedit is it don't know some settings (at least version on debian 10) and show warning when file are 100% correct, so it can lead to skip and save file with actual mistake
A concrete example would be nice.
I have been playing around with Linode last couple of months and I think it would be useful to have a post-install script I would set up a few things on a new server install. By creating a new user on the server and making them part of the SUDO group, Removing root login, Doing upgrades and updates and activating automatic updates, installing some programs that are not installed by default, removing the capability of logging with password and of course before that loading your RSA keys. And I like my prompt certain way so I would like to add that to the script. Maybe sometime you could do a video on such a script?
You probably should look into ansible, Jay has a whole video series about it on his channel.
@@Chris-rm1pn That looks way more involved than what I need. I just need a simple script, I'm just playing it's nothing super important.
I haven't checked my linode but I know DO can do this (although I've never used it)
Supremely good tutorial 👌
Super Cool! Thanks!
Can you have multiple lines for a user which will give sudo access to some commands with password verification and other commands bypassing the need for password verification?
Not multiple lines, but you can comma delimitate each command you would want the password to be bypassed for. ALL=NOPASSWD:/bin/path_to_command1,/bin/path_to_command2
What the best/correct way to login as root or another user?
Please what does sudo bash do?
Why we need to put sudo for tux user when it is configured just like root .
Just for demonstration purpose, and in case something goes wrong, the root account is not affected, I guess.
How do I log in back
23:17 YES. IT WAS
What a bad decision made by the sudo developers to use 'q' to save a wrong sudoers file. 'q' is actually what you would type to exit without saving. 'W' (uppercase) seems like a better option in my opinion.
Thanks
q on visudo is just wrong. it should be something like wq! , i will assume q is just quit
Gd tutireal
Excellence 🎉giveaway thanks 😊
thanks babe
It ALL good
👍
YOU SHOULD NEVER USE "Q"!!
👍