Exam XK0-005 topic 1 question 207 discussion

I agree D here, restart isnt even given to user1, only in webadmin, which currently isnt listed as a group but will be if we give it a % sign= %webadmin So if we did B, he wouldn't even be able to restart it since it's not an option in that specific configuration.

1. User1 does not have "restart" command permission 2. Only webadmin have start pemission 3. User1 is part of webadmin group so I think by listing webadmin as a group (%webadmin) should work. user1 can start and stop the web service, and will need to use sudo command to restart the service...

user1 need the 'NOPASSWD' in order to be able to restart the httpd service. This only enable user1 to run sudo commands on 'hppd' only and no other service.

The answer is B because user1 needs permission to restart the httpd service using `systemctl`, which is not currently allowed. By adding `NOPASSWD:` and including the restart command in the sudoers file, user1 can manage the service without requiring a password, ensuring the correct and necessary permissions are applied. The answer is not D because user1 is already a member of the webadmin group, and the permissions for restarting the `httpd` service using `systemctl` are not included in the webadmin group configuration. The correct answer is B because user1 needs `NOPASSWD` permission specifically for `systemctl restart httpd`, which is currently missing. Adding this to the sudoers file ensures user1 can restart the service without requiring unnecessary broader permissions.

I choose D. A: user1 does not need to be part of the wheel group, for that typically gives them permission to run any commands anywhere. B: Removing the password prompt before running sensitive commands would weaken security. C: User1 is not part of the wheel group. Uncommenting this line would not solve their problem. D: Correct. You specify a group entry with the % symbol, like this: %webadmin ALL=(ALL) NOPASSWD: <allowed_commands>