By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

sudo users

0

Hello,

We have a problem with the sudo command after a change on our lightsail instance.

The user which has been created during the lightsail initialization is called "admin". He could use "sudo" without a password (in fact there is no password defined for him).

In order to secure the system, we changed this line in the /etc/sudoers.d/90-cloud-init-users

admin ALL=(ALL) NOPASSWD:ALL

to

root ALL=(ALL) NOPASSWD:ALL

Now the system is really secure ;-) because we cannot use "sudo" anymore for the admin user.

Is there any way to mount a system volume from one lightsail instance in a new lightsail rescue instance? Or are there any other tricks to change this simple line...?

Thanks in advance,
TCF

Topics
Compute
Tags
Amazon Lightsail
Language
English
tcf
asked 5 years ago654 views
3 Answers
0

As far as I know, the only way you're supposed to update the sudoers file is to use visudo.

profile picture
David G
answered 5 years ago
0

Thanks, David.

Unfortunately we need sudo rights to use visudo.

tcf
answered 5 years ago
0

I solved it!

  1. Stop the running instance
  2. Make a snapshot
  3. Create a new instance with all disks from the snapshot using this launch script:
    echo 'admin ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/90-cloud-init-users
  4. Detach static IP from old instance
  5. Attach static IP to new instance
  6. Check firewall rules of new instance
  7. Connect to new instance
  8. Do some cleanup in the sudoers file
  9. Remove old instance and old disks

Puuuh ;-)

tcf
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content