sudo users

Question

Hello,  
  
We have a problem with the sudo command after a change on our lightsail instance.  
  
The user which has been created during the lightsail initialization is called "admin". He could use "sudo" without a password (in fact there is no password defined for him).  
  
In order to secure the system, we changed this line in the /etc/sudoers.d/90-cloud-init-users  
  
admin ALL=(ALL) NOPASSWD:ALL  
  
to   
  
root ALL=(ALL) NOPASSWD:ALL  
  
Now the system is really secure ;-) because we cannot use "sudo" anymore for the admin user.  
  
Is there any way to mount a system volume from one lightsail instance in a new lightsail rescue instance? Or are there any other tricks to change this simple line...?  
  
Thanks in advance,  
TCF

Answer

As far as I know, the only way you're supposed to update the sudoers file is to use visudo.

Answer

Thanks, David.  
  
Unfortunately we need sudo rights to use visudo.

Answer

I solved it!  
  
1. Stop the running instance  
2. Make a snapshot  
3. Create a new instance with all disks from the snapshot using this launch script:  
echo 'admin ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/90-cloud-init-users  
4. Detach static IP from old instance  
5. Attach static IP to new instance  
6. Check firewall rules of new instance  
7. Connect to new instance  
8. Do some cleanup in the sudoers file  
9. Remove old instance and old disks  
  
Puuuh ;-)

sudo users

相关内容