Tag: security

Better Use visudo

I had the unfortunate experience to lock myself out from using sudo on my NAS server.

All I wanted to do was give my user permission to run smartctl, which usually requires root privileges. This can be achieved by editing the /etc/sudoers file.

However I did not use visudo for this task. After removing the pound sign from the #include statement – which, let’s be honest, looks like a comment that needs to be uncommented – I saved the file and closed it.
At this moment visudo would have raised an error, if I had used it, and prevented me from saving the invalid sudoers file.

Long story short I was locked out from using the sudo command. After booting into a Linux live/rescue image from USB I could fix the syntax error in /etc/sudoers.

The moral of the whole story, better use visudo when editing /etc/sudoers.

That’s it.


References:

  1. https://www.sudo.ws/docs/man/1.8.13/sudoers.man/#SUDOERS_FILE_FORMAT
  2. https://stackoverflow.com/questions/30895493/using-smartctl-without-sudo
  3. https://toroid.org/sudoers-syntax

Wireguard on Lightsail gone Ship-Wrecked

For a long time now I run an AWS Lightsail VPS serving as a wireguard gateway to my home server. Since recently connecting to the Lightsail instance via wireguard is no longer possible.
When I took a look with SSH I got

$> sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

To be sure I updated all packages, but the problem still persisted.
The port used by wireguard had not changed and still was accessible according to the network settings of Lightsail.
What change in the Lightsail VPS or network settings could cause an issue like this? It literally just stopped working over night.

Powered by WordPress & Theme by Anders Norén

Close Bitnami banner
Bitnami