Day 12 – Managing sudo Access for Users

🛡️ On Day 12, I learned how to manage sudo privileges for users on a Linux system using visudo and the /etc/sudoers.d/ directory. This is critical for maintaining secure, minimal-privilege administration in DevOps.

🧪 Hands-On Activities

🔍 Step 1: Confirmed User Context

whoami        # Verified current user (vagrant)

🔧 Step 2: Installed Packages (as vagrant user)

sudo yum install <package name> -y

👤 Step 3: Created Test Users

sudo useradd test
sudo useradd ansible

🔐 Step 4: Switched to Root User

sudo -i    # Became root for system-wide config changes

🔑 Step 5: Configured sudo Access with visudo

  • Opened the secure editor

      visudo
    
    • Also explored:

        ls -l /etc/sudoers
      
  • Preferred method: using /etc/sudoers.d/ for modular config

      cd /etc/sudoers.d/
      ls
      cat vagrant
      cp vagrant devops
      vim devops       # Edited for ansible, jenkins, etc.
    

    Example entry:

      ansible ALL=(ALL) NOPASSWD: ALL
    

    ✅ This allows the user ansible to run any command via sudo without being prompted for a password.


    📌 Key Takeaways

    ✅ Use visudo to safely edit sudoers files (syntax-checked)
    ✅ Prefer /etc/sudoers.d/ for organized access control
    ✅ Grant only the minimum required privileges (principle of least privilege)
    NOPASSWD: is useful for automation users (e.g., ansible, jenkins)


    💬 Real-World DevOps Use Case

    In real-world CI/CD pipelines, services like Jenkins or Ansible need root-level tasks (like installing packages or restarting services). Granting NOPASSWD sudo access to automation users helps avoid prompts that would break scripts.
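
A rule like `ansible ALL=(ALL) NOPASSWD: ALL` is broader than the least-privilege takeaway calls for. The script below is an added example, not part of the original post: it audits a sudoers.d-style directory for such unrestricted rules and for drop-in files that sudo skips because of their name. The sample files, the jenkins command paths and the httpd service are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a sudoers.d-style directory (constructed sample data).

# Build a throwaway directory with three constructed drop-in files.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    # Unrestricted rule, as in the example entry above.
    printf '%s\n' 'ansible ALL=(ALL) NOPASSWD: ALL' > "$d/devops"
    # Scoped rule (assumed paths): only the commands the job needs.
    printf '%s\n' \
        'jenkins ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd, /usr/bin/yum install -y httpd' \
        > "$d/jenkins"
    # sudo skips drop-ins whose name contains "." or ends in "~".
    printf '%s\n' 'deploy ALL=(ALL) NOPASSWD: ALL' > "$d/deploy.conf"
    echo "$d"
}

# Print "IGNORED <file>" for skipped names and "BROAD <file>: <user>"
# for every rule that grants NOPASSWD: ALL.
audit_sudoers_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *.*|*~) echo "IGNORED $name"; continue ;;
        esac
        awk -v n="$name" '
            /^[ \t]*#/ { next }   # skip comment lines
            /NOPASSWD:[ \t]*ALL[ \t]*$/ || /NOPASSWD:[ \t]*ALL[ \t]*,/ {
                print "BROAD " n ": " $1
            }
        ' "$f"
    done
}

# Demo run on the constructed sample directory.
sample=$(make_sample_dir)
audit_sudoers_dir "$sample"
rm -rf "$sample"
```

On a real host, point `audit_sudoers_dir` at `/etc/sudoers.d` as root, and check any edited drop-in with `visudo -cf /etc/sudoers.d/devops` before relying on it.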


    🚀 What’s Next?

    In Day 13, I’ll dive into package managers like yum, apt, and dnf to install different tools in Linux.

Written by

Shaharyar Shakir