Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

sudo users

0

Hello,

We have a problem with the sudo command after a change on our lightsail instance.

The user which has been created during the lightsail initialization is called "admin". He could use "sudo" without a password (in fact there is no password defined for him).

In order to secure the system, we changed this line in the /etc/sudoers.d/90-cloud-init-users

admin ALL=(ALL) NOPASSWD:ALL

to

root ALL=(ALL) NOPASSWD:ALL

Now the system is really secure ;-) because we cannot use "sudo" anymore for the admin user.

Is there any way to mount a system volume from one lightsail instance in a new lightsail rescue instance? Or are there any other tricks to change this simple line...?

Thanks in advance,
TCF

Tópicos
Computação
Tags
Amazon Lightsail
Idioma
English
tcf
feita há 5 anos666 visualizações
3 Respostas
0

As far as I know, the only way you're supposed to update the sudoers file is to use visudo.

profile picture
David G
respondido há 5 anos
0

Thanks, David.

Unfortunately we need sudo rights to use visudo.

tcf
respondido há 5 anos
0

I solved it!

  1. Stop the running instance
  2. Make a snapshot
  3. Create a new instance with all disks from the snapshot using this launch script:
    echo 'admin ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/90-cloud-init-users
  4. Detach static IP from old instance
  5. Attach static IP to new instance
  6. Check firewall rules of new instance
  7. Connect to new instance
  8. Do some cleanup in the sudoers file
  9. Remove old instance and old disks

Puuuh ;-)

tcf
respondido há 5 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante