Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

sudo users

0

Hello,

We have a problem with the sudo command after a change on our lightsail instance.

The user which has been created during the lightsail initialization is called "admin". He could use "sudo" without a password (in fact there is no password defined for him).

In order to secure the system, we changed this line in the /etc/sudoers.d/90-cloud-init-users

admin ALL=(ALL) NOPASSWD:ALL

to

root ALL=(ALL) NOPASSWD:ALL

Now the system is really secure ;-) because we cannot use "sudo" anymore for the admin user.

Is there any way to mount a system volume from one lightsail instance in a new lightsail rescue instance? Or are there any other tricks to change this simple line...?

Thanks in advance,
TCF

Themen
Kalkulation
Tags
Amazon Lightsail
Sprache
English
tcf
gefragt vor 5 Jahren667 Aufrufe
3 Antworten
0

As far as I know, the only way you're supposed to update the sudoers file is to use visudo.

profile picture
David G
beantwortet vor 5 Jahren
0

Thanks, David.

Unfortunately we need sudo rights to use visudo.

tcf
beantwortet vor 5 Jahren
0

I solved it!

  1. Stop the running instance
  2. Make a snapshot
  3. Create a new instance with all disks from the snapshot using this launch script:
    echo 'admin ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/90-cloud-init-users
  4. Detach static IP from old instance
  5. Attach static IP to new instance
  6. Check firewall rules of new instance
  7. Connect to new instance
  8. Do some cleanup in the sudoers file
  9. Remove old instance and old disks

Puuuh ;-)

tcf
beantwortet vor 5 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt