This Learn On Demand Pro Series is part of a Career Path: Become a Penetration Tester
This hands-on lab provides a Linux administrator with an understanding of how to determine their current privilege level and operating context, elevate their privileges to root, and delegate root privilege to non-privileged users to perform administrative tasks on their behalf. These skills are important for a Linux Administrator and for the role of a Penetration Tester or other roles that require the use of Linux systems.
Understand the scenario
You are a system administrator for a company implementing security standards. You will sign in to a lab-provided CentOS 7 Linux server with a non-privileged account. You will demonstrate that the user account cannot perform general administrative tasks. Then, you will demonstrate using the root credentials to perform the same administrative tasks successfully. Finally, you will delegate administrative ability to a non-privileged user so that the user can perform specific administrative tasks.
Attempt to create a user, restart the sshd service, and view a log file without root privileges:
In the first part of this lab, you will be signed in with a non-privileged user account. You will attempt to run commands that require elevated privilege (such as adding a user, restarting a service, or reading the contents of an administrative log file). You will demonstrate that the user account is, in fact, not allowed to perform these tasks and that permission or access is denied.
Get root credentials using su:
For this task, you will use two different methods of gaining root privilege. One method is to run under the context of the current user (i.e., stay in your working directory space). The other allows you to change your privilege and change your user context to root (i.e., move to the root user’s working directory space). These tasks are performed using the super user (su) command. Running with root privilege, you will perform a few administrative tasks, showing that you now have adequate privilege as root.
Delegate the ability to perform tasks to a non-privileged account:
Delegating tasks to other users without relinquishing full control of the root account (or sharing its password) is an important administrative technique. In this section, you will learn how to assign root privilege for specific tasks to non-privileged users by modifying the sudoers file. This file is where you can give a regular non-privileged user the ability to use the sudo command (meaning to do on behalf of the super user) to perform administrative tasks. You will assign sudo privilege to a non-privileged user to add users and administer the sshd service. This lesson will help you understand how to apply the “principle of least privilege” within your environment.
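The delegation described above, sketched as an added example that is not part of the lab's own material: a script that generates a sudoers drop-in limited to user creation and sshd control, then syntax-checks it with visudo before anything is installed. The account name `labuser`, the function names and the temp-file workflow are assumptions; the command paths are the CentOS 7 defaults.

```shell
#!/usr/bin/env bash
# Added example: generate and syntax-check a least-privilege sudoers drop-in.
# "labuser" and the temp-file workflow are assumptions, not taken from the lab.

# Print a sudoers fragment that lets one account add users and manage sshd only.
make_sudoers_fragment() {
    # Accept only a plain account name so the argument cannot smuggle in
    # extra sudoers syntax (spaces, commas, parentheses, and so on).
    case "$1" in
        ''|*[!a-z0-9_-]*) echo "invalid account name: $1" >&2; return 1 ;;
    esac
    cat <<EOF
# Constructed example: delegate user creation and sshd control, nothing else.
Cmnd_Alias USER_ADD   = /usr/sbin/useradd
# Fixed arguments: sudo permits only these exact systemctl invocations.
Cmnd_Alias SSHD_ADMIN = /usr/bin/systemctl restart sshd, /usr/bin/systemctl status sshd
$1 ALL=(root) USER_ADD, SSHD_ADMIN
EOF
}

# Parse a fragment with visudo in check-only mode; nothing is installed.
check_sudoers_fragment() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null
    else
        echo "visudo not found; syntax check skipped" >&2
    fi
}

# Demo: build the fragment in a temp file, check it, and show it.
tmp=$(mktemp)
if make_sudoers_fragment labuser > "$tmp" && check_sudoers_fragment "$tmp"; then
    cat "$tmp"
fi
rm -f "$tmp"
```

Once the check passes, the fragment is installed as root under `/etc/sudoers.d/` with mode 0440, and `sudo -l -U labuser` lists exactly what the account was granted.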
Lab Summary Conclusion:
In this hands-on virtual lab, you will learn how to determine your operational context as a user on a Linux system. You will also learn how to change your privilege to root and to change your operating context if desired. Then, you will apply the principle of least privilege by assigning non-privileged users the ability to use sudo to perform administrative functions on behalf of the administrator. These skills are important for a Linux Administrator and for the role of a Penetration Tester or other roles that require the use of Linux systems.