How To: Setup sudo in Debian

sudo in Debian Linux

Apparently, Debian installer doesn’t install or activate sudo by default. This means that sudo command is not found the only privilege escalation method available is becoming root via su command. Since I like and use sudo daily, I decided to install and setup it on Debian VM.

Install sudo package in Debian

That’s the very first step you’ll need to do: use apt to install sudo. You need to become root before you do it, of course (so you must know root user password for your Debian install):

greys@debian:~$ su -
Password:
root@debian:~ # apt install sudo
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
  sudo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/1,245 kB of archives.
After this operation, 3,886 kB of additional disk space will be used.
Selecting previously unselected package sudo.
(Reading database … 174742 files and directories currently installed.)
Preparing to unpack …/sudo_1.8.27-1_amd64.deb …
Unpacking sudo (1.8.27-1) …
Setting up sudo (1.8.27-1) …
Processing triggers for man-db (2.8.5-2) …
Processing triggers for systemd (241-5) …
root@debian:~ # sudo
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] []
usage: sudo -e [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file …

Configure /etc/sudoers File

/etc/sudoers is the main configuration file for sudo command. It contains list of users and groups that are allowed to become root (or become other users by invoking su command as root).

Here’s the default file in Debian 10 Buster:

root@debian:~ # cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
 
# User alias specification
 
# Cmnd alias specification
 
# User privilege specification
root    ALL=(ALL:ALL) ALL
 
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
 
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

I’ve highlighted the 3 most important elements of this file at this early stage:

root    ALL=(ALL:ALL) ALL

This is the line that allows you to debug sudo commands as root user.

At this means that any user that belongs to group sudo will also be allowed to use sudo commands:

%sudo   ALL=(ALL:ALL) ALL

Finally, this part includes additional configuration files from /etc/sudoers.d directory:

#includedir /etc/sudoers.d

… this means you don’t have to edit /etc/sudoers file but instead can create a specific file in /etc/sudoers.d and name it self-descriptively, like:

/etc/sudoers.d/web-server-admins

meaning, that this file will contain usernames and privileges required by web-server admins (usually commands like stopping/starting Apache or nginx webserver).

Since this is a very basic tutorial, we don’t have to edit the file at all – just need to add our user (mine is greys, as you remember) to the sudo group and check.

Add user to sudo group

Step 1: let’s make sure sudo is not accessible before we begin

This needs to be run as your regular user, not as root:

greys@debian:~$ sudo -i
[sudo] password for greys:
greys is not in the sudoers file.  This incident will be reported.
greys@debian:~$

Let’s check my groups just to be sure there’s no sudo among them:

greys@debian:~$ id greys
uid=1000(greys) gid=1000(greys) groups=1000(greys),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),112(bluetooth),116(scanner)

Step 2: add user to sudo group

Excellent, now it’s time to add user greys to the group sudo (we must become root again to run usermod command)

root@debian:~ # usermod -a -G sudo greys
root@debian:~ # id greys
uid=1000(greys) gid=1000(greys) groups=1000(greys),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev),112(bluetooth),116(scanner)

As you can see, I’m now a member of the sudo group!

Step 3: Log out and log back in for group membership to be recognised

Now you need to disconnect from your server or desktop session and log in again, so that your group membersip is recognised. One reconnected, check your groups with id command and try sudo again:

greys@debian9:~$ id
uid=1000(greys) gid=1000(greys) groups=1000(greys),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev),112(bluetooth),116(scanner)

so yes, we’re a member of sudo group now… This is the moment of truth! Let’s try to become root:

greys@debian:~$ sudo -i
root@debian:~ # id
uid=0(root) gid=0(root) groups=0(root)

Tha’ts it for today!

See Also



How To Create a Unix Group with Ansible

Red Hat Ansible

I’m configuring a new dedicated server this weekend and think it will be great to capture small notes as I go. Today it’s a small basic example, perfect for Ansible beginners: creating a Unix group.

Ansible Playbook for Creating a Group

Here’s the sample playbook file groups.yaml in its entirety:

---
- hosts: techstack
  become: true
  become_user: root
  become_method: su 

  tasks: 
    - name: Create Tech Stack group
      group: name=techstack2 gid=1002 state=present

Going line by line, this example uses:

  1. Ansible hosts file – specifically, group of hosts named techstack
  2. Become method – meaning I give instructions to Ansible playbook for elevating privileges on remote hosts – effectively becoming another user. In this case, the user (become_user) is root, and the way to become this user is su (not sudo!)
  3. group module – it’s one of the most standard modules in Ansible, allowing you to manage Unix groups. As always, you specify the name of the group (techstack2) and the group id for it (1002).

How To Run Group Playbook in Ansible

Because there’s su method involved, Ansible playbook will be expected to provide a password for root user on the remote hosts. But with no password definition in sight, we have to supply password using command line:

greys@maverick:~ $ ansible-playbook groups.yaml –ask-become-pass

This will ask for a password before running the playbook – strangely enough it says SUDO password, but then works just fine:

Ansible Playbook Creating a Unix Group

See Also



How To Tag Docker Images

How To Tag Docker Images

I’m migrating a few Docker containers between hosts and realised that one step that always needs to happen to any image is tagging – this will save you confusion and time in the future.

How Untagged Docker Images Look

Without tags, you just see the Docker Image IDs in the list – that’s the only identifier you can use for spinning up Docker containers based on such images:

root@debian:~# docker images                                                                                                                                 REPOSITORY    TAG       IMAGE ID          CREATED           SIZE
                        174793a6cdeb      44 minutes ago    951MB
                        12fe92cbee30      44 minutes ago    367MB

How To Tag Docker Images

Although it’s called tagging, technically this process allows you to specify a repository for your Docker image – effectively giving the image a name. If you want to specify that this is one of the many images belonging to a particular group or vendor, use / delimited notation like this:

unixtutorial/web-server

Where unixtutorial is a group or organisation (repository) and web-server is its subsection.

In my examples I’m using my consultancy codename – techstack: techstack/confluence for the wiki engine and techstack/db for my custom build of MariaDB.

Simply run the docker tag command, first parameter is the image ID and second is the repository (with optional tag, by default it will be tag called “latest”):

root@debian:~# docker tag 12fe92cbee30 techstack/db 
root@debian:~# docker tag 174793a6cdeb techstack/confluence

You can tag or rename the same image more than once: in this case I’m tagging the same image with repository name techstack/confluence and tag “new”:

root@debian:~# docker tag 174793a6cdeb techstack/confluence:new

How Tagged Docker Images Look

This is much better now:

root@debian:/storage/docker # docker images
REPOSITORY             TAG       IMAGE ID        CREATED       SIZE
techstack/confluence   latest    174793a6cdeb    3 hours ago   951MB
techstack/confluence   new       174793a6cdeb    4 hours ago   951MB
techstack/db           latest    12fe92cbee30    3 hours ago   367MB

That’s it for today!

See Also



sed replace examples

sed replace

sed is one of the advanced Unix commands for search/replace processing of text information. Command itself is very simple but most scenarios requiring its use are fairly advanced elements of systems administration. Thanks to Unix pipes, sed is often used chained with other commands to transform fragments of text.

Basic sed replace example

Here’s how you can replace one of the words in an text given as input to sed:

greys@maverick:~ $ echo 'hi, world'
hi, world
greys@maverick:~ $ echo 'hi, world' | sed 's/hi/hello/'
hello, world

sed Replaces Every Matched Occurrence

It’s not always obvious from a single line example, but sed processes all the lines of the given text input and makes as many replacements of matched patters as necessary:

greys@maverick:~ $ echo -e 'hi, world \n hi again' | sed 's/hi/hello/'
 hello, world
  hello again

sed is often used together with awk command, together they are a very powerful combination for processing large amounts of text and converting text into the desired format.

See Also



How To: Install Docker for Mac

Docker for Mac

Turns out, plenty of native macOS apps can be installed using the brew package manager. Among them is Docker, so I decided to try how it installs and works.

Docker for Mac

The easiest is, of course, just to use the native installer provided by Docker maintaners: you download the Docker.dmg file, install it and end up with an app called Docker Desktop:

Install Docker with brew

But since I wanted to try more automated install, I used brew:

greys@maverick:~ $ brew cask install docker
 ==> Satisfying dependencies
 ==> Downloading https://download.docker.com/mac/stable/37199/Docker.dmg
 Already downloaded: /Users/greys/Library/Caches/Homebrew/downloads/01aa470f5479ce702d59bc8d825681bca704ab964279558efd5a2187b126791c--Docker.dmg
 ==> Verifying SHA-256 checksum for Cask 'docker'.
 ==> Installing Cask docker
 ==> Moving App 'Docker.app' to '/Applications/Docker.app'.
 🍺  docker was successfully installed!
 You have mail in /var/mail/greys

That was it! Overall – great improvement of the steps I would normally take to install Docker.

Upon starting this /Applications/Docker.app for the first time, I got the security prompt:

Docker App Security Prompt

But that’s it – after that Docker worked exactly the same and had the very same versions of all the components:

Docker for Mac

Will be trying my most used software installs using brew, it seems a great way to be downloading/installing software in bulk – should be great for new laptop setup (if/when I get it) – I have been upgrading macOS in-place for the past 5 years or so, and think it will be awesome to someday migrate to a brand new clean macOS setup.

See Also



Installing Kali Linux 2019.2

It appears that Kali Linux is supported on the latest Raspberry Pi model, RPi 4. So I thought I’d get familiar with the install process and Kali Linux basics by trying it out in a VirtualBox VM.

What is Kali Linux?

Kali Linux is a Debian-based Linux distro made by security professionals (Offensive Security) for security assessments, penetration testing and digital forensics. It comes with hundreds of open-source tools grouped for effective use and optimized for speedy network discovery and vulnerability assessment.

How To Download Kali Linux

I downloaded a normal ISO image to see how installer works, but it’s also possible to just get the VirtualBox VM image with Kali Linux.

Kali Linux Installation Screenshots

Here are the screens of my install process – nothing unusual and a fairly smooth install process.

I think I got them here in the right order, but if something’s off and not straightforward – let me know!

As always, I had to do install more than once because disk size is suggested as 8GB in VirtualBox which is not enough for modern Debian derived installs – so installer fails halfway and you need to expand the disk – I’ve seen the same issues trying to install Debian 10 Buster.

Will try and install it onto Raspberry Pi 4 as one of the upcoming Unix Tutorial projects.

See Also



Convert Epoch Time with Python

Convert Unix Epoch with Python

I’m slowly improving my Python skills, mostly by Googling and combining multiple answers to code a solution to my systems administration tasks. Today I decided to write a simpe converter that takes Epoch Time as a parameter and returns you the time and date it corresponds to.

datetime and timezone Modules in Python

Most of the functionality is done using the fromtimestamp function of the datetime module. But because I also like seeing time in UTC, I decided to use timezone module as well.

epoch.py script

#!/Library/Frameworks/Python.framework/Versions/3.6/bin/python3

import sys
from datetime import datetime, timezone

if len(sys.argv)>1:
  print ("This is the Epoch time: ", sys.argv[1])

  try:
      timestamp = int(sys.argv[1])

      if timestamp>0:
        timedate = datetime.fromtimestamp(timestamp)
        timedate_utc = datetime.fromtimestamp(timestamp, timezone.utc)

        print ("Time/date: ", format(timedate))
        print ("Time/date in UTC: ", format(timedate_utc))
  except ValueError:
        print ("Timestamp should be a positive integer, please.")
else:
  print ("Usage: epoch.py <EPOCH-TIMESTAMP>")

FIXME: I’ll revisit this to re-publish script directly from GitHub.

Here’s how you can use the script:

greys@maverick:~/proj/python $ ./epoch.py 1566672346
 This is the Epoch time:  1566672346
 Time/date:  2019-08-24 19:45:46
 Time/date in UTC:  2019-08-24 18:45:46+00:00

I implemented basic checks:

  • script won’t run if no command line parameters are passed
  • an error message will be shown if command line parameter isn’t a number (and therefore can’t be a timestamp)

Do you see anything that should be changed or can be improved? Let me know!

See Also



Show Monitor Resolutions with xrandr

Unix Tutorial

One of the things still left to be done on my Ubuntu laptop is to get the full resolution output on my LG 5K monitor. This is still work in progress, but one of the most useful tools for getting there is xrandr.



What is RandR

You may know that most of Linux laptops and desktops are using X11 or Xorg graphics system for providing core functionality to higher level graphics environments like Gnome, MATE or KDE.

RandR is one of the most common modules of X11/Xorg, it’s a plugin implementing basic Resize, Rotate and Reflect – RandR for short.

xrandr command

xrandr is a great command line utility that provides low-level management of your displays, detecting monitor resolutions and adding new display modes.

Here’s the most basic way of using xrandr: simply run it without parameters to see all the attached graphics devices and their resolutions:

greys@xps:~ $ xrandr
Screen 0: minimum 320 x 200, current 4096 x 2304, maximum 8192 x 8192
 eDP-1 connected (normal left inverted right x axis y axis)
    3840x2160     60.00 +  59.98    59.97  
    3200x1800     59.96    59.94  
    2880x1620     59.96    59.97  
    2560x1600     59.99    59.97  
    2560x1440     59.99    59.99    59.96    59.95  
    2048x1536     60.00  
    1920x1440     60.00  
    1856x1392     60.01  
    1792x1344     60.01  
    2048x1152     59.99    59.98    59.90    59.91  
    1920x1200     59.88    59.95  
    1920x1080     60.01    59.97    59.96    59.93  
    1600x1200     60.00  
    1680x1050     59.95    59.88  
    1600x1024     60.17  
    1400x1050     59.98  
    1600x900      59.99    59.94    59.95    59.82  
    1280x1024     60.02  
    1440x900      59.89  
    1400x900      59.96    59.88  
    1280x960      60.00  
    1440x810      60.00    59.97  
    1368x768      59.88    59.85  
    1360x768      59.80    59.96  
    1280x800      59.99    59.97    59.81    59.91  
    1152x864      60.00  
    1280x720      60.00    59.99    59.86    59.74  
    1024x768      60.04    60.00  
    960x720       60.00  
    928x696       60.05  
    896x672       60.01  
    1024x576      59.95    59.96    59.90    59.82  
    960x600       59.93    60.00  
    960x540       59.96    59.99    59.63    59.82  
    800x600       60.00    60.32    56.25  
    840x525       60.01    59.88  
    864x486       59.92    59.57  
    800x512       60.17  
    700x525       59.98  
    800x450       59.95    59.82  
    640x512       60.02  
    720x450       59.89  
    700x450       59.96    59.88  
    640x480       60.00    59.94  
    720x405       59.51    58.99  
    684x384       59.88    59.85  
    680x384       59.80    59.96  
    640x400       59.88    59.98  
    576x432       60.06  
    640x360       59.86    59.83    59.84    59.32  
    512x384       60.00  
    512x288       60.00    59.92  
    480x270       59.63    59.82  
    400x300       60.32    56.34  
    432x243       59.92    59.57  
    320x240       60.05  
    360x202       59.51    59.13  
    320x180       59.84    59.32  
 DP-1 connected (normal left inverted right x axis y axis)
    2560x2880     60.00  
 DP-2 connected primary 4096x2304+0+0 (normal left inverted right x axis y axis) 600mm x 340mm
    3840x2160     60.00 +
    4096x2304     60.00* 
    3200x1800     60.00  
    2560x1440     60.00  
    640x480       59.94

Understanding the xrandr output

Structured output lists multiple monitors connected: eDP (embedded Display Port – this is used for the primary laptop screen) and DP-1/DP2 – which are Display Ports for external connections.

I have highlighted the 4K resolution I’m getting so far, and think additional trickery would be needed to get this monitor show its true 5K (5120×2880) resolution. Stay tuned!

See Also



Examples of Using ip command

ip command showing IPv4 addresses

You may have seen the ip command page on this website, and even used ip addr show version of it. Here’s a few more really powerful options for ip.

Show Only IPv4 Addresses with ip command

If default ip addr show (or ip a for short) is too much information:

greys@becky:~ $ ip addr show
 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether b8:27:eb:b5:fb:da brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        valid_lft forever preferred_lft forever
     inet6 fe80::ba27:ebff:feb5:fbda/64 scope link
        valid_lft forever preferred_lft forever

…just specify the -4 option (short for IPv4) to only show IPv4 addresses info:

greys@becky:~ $ ip -4 addr show
 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
 2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        valid_lft forever preferred_lft forever

Show Specific Interface with ip command

To further narrow it down and show just info for one of the interfaces, specify it in the command line:

greys@becky:~ $ ip -4 addr show dev eth0
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     inet 192.168.1.66/24 brd 192.168.1.255 scope global eth0
        valid_lft forever preferred_lft forever

Show Brief Summary using ip command

Just specify -br option to see just bare essentials for the specified interfaces (or all of them if you’re not indicating interface name) – you’ll get interface name, status (whether it’s UP or DOWN right now) and the assigned IP address:

greys@becky:~ $ ip -br -4 addr
 lo               UNKNOWN        127.0.0.1/8
 eth0             UP             192.168.1.66/24

If I want to just show this for eth0, here’s how I do it

greys@becky:~ $ ip -br -4 addr show dev eth0
 eth0             UP             192.168.1.66/24

That’s useful enough to learn in case ifconfig command is not found or you simply want to use ip command instead of ifconfig command a bit more.

See Also



Assign Keyboard Shortcut to Screenshot in Ubuntu

I’m finding myself working on Linux laptop with Ubuntu 19.04 more often than I expected – sometimes I spend most of my day research and preparing Unix Tutorial posts in Linux instead of macOS. Today I got an opportunity to improve my screenshotting productivity a bit more.



How To Take Screenshots in Ubuntu

I tried a few screenshot apps in Ubuntu but eventually settled on the default one that comes pre-installed – it’s called Screenshot. The main reason for this choice wasn’t for its functionality (and certainly not for its performance, it’s rather slow) but because most of other options don’t support the HiDPI resolutions properly – so a quick task of screenshotting something becomes a tedious chore that defeats the purpose.

So I settled on using Screenshot app. I usually press the Start (Windows?) key on my keyboard and this brings a view of all the windows and gives me the app search window at the top of the screen:

I can then type Screenshot there and press Enter to run the app:

And then select the type of screenshot action I want to progress:

Adding Keyboard Shortcut to Screenshot

I decided to improve the things by skipping the whole “search for an app named Screenshot” part of the process and started looking into Keyboard Shortcuts settings.

Turns out, there is an even better option: I can select a shortcut to not just start Screenshot but to also select the action (screenshot current window) and save the file into Pictures directory:

The default shortcut Alt+Print is more than adequate, but on my multimedia keyboard from Logitech I don’t have Print button and must press Fn for invoke it. So I decided to change the default shortcut to Alt+S:

That’s it, I now can simply press Alt+S and get the window I’m working with automatically screenshotted (is this a word?) and placed into Pictures:

Hope you like this tip, have a great day!

See Also