Valid XK0-005 Dumps shared by ExamDiscuss.com for Helping Passing XK0-005 Exam! ExamDiscuss.com now offer the newest XK0-005 exam dumps, the ExamDiscuss.com XK0-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com XK0-005 dumps with Test Engine here:
A Linux administrator provisioned a new web server with custom administrative permissions for certain users. The administrator receives a report that user1 is unable to restart the Apache web service on this server. The administrator reviews the following output: [ root@server ] # id user1 UID=1011 (user1) gid=1011 (USER1) groups=1011 (user1), 101 (www-data), 1120 (webadmin) [ root@server ] # cat /etc/sudoers.d/custom.conf user1 ALL=/usr/sbin/systemctl start httpd, /usr/sbin/systemctl stop httpd webadmin ALL=NOPASSWD: /etc/init.d.httpd restart, /sbin/service httpd restart, /usr/sbin/apache2ctl restart #%wheel ALL=(ALL) NOPASSWD: ALL Which of the following would most likely resolve the issue while maintaining a least privilege security model?
Correct Answer: D
The custom.conf file grants sudo privileges to user1 and webadmin for managing the Apache web service, but it uses different commands for each of them. User1 is allowed to use systemctl to start and stop the httpd service, while webadmin is allowed to use init.d, service, or apache2ctl to restart the httpd service. However, the user1 is unable to restart the service, only start and stop it. To fix this, user1 should be able to use the same commands as webadmin, which can be achieved by listing webadmin as a group in the custom.conf file, using the syntax %groupname. This way, user1 will inherit the sudo privileges of the webadmin group, and be able to restart the Apache web service without compromising the least privilege security model. References * Sudo and Sudoers Configuration | Servers for Hackers, section "Groups" * Chapter 12. Managing sudo access - Red Hat Customer Portal, section "12.1. Configuring sudo access for users and groups"