Ubuntu – the difference between the ‘sudo’ and ‘admin’ group

permissionssudo

I noticed that two groups are granted similar-looking permissions in /etc/sudoers:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

My user account with "Administer the system" privileges is in the admin group, and there don't appear to be any users in the sudo group. What are these two groups for?

Best Answer

Ubuntu 12.04 LTS and later

Administrators are added to the sudo group, but the admin group is supported for backward compatibility. From the release notes:

Up until Ubuntu 11.10, administrator access using the sudo tool was granted via the admin Unix group. In Ubuntu 12.04, administrator access will be granted via the sudo group. This makes Ubuntu more consistent with the upstream implementation and Debian. For compatibility purposes, the admin group will continue to provide sudo/administrator access in 12.04.

It is not created when you do a fresh install, though it is still present if you upgraded from previous distributions. Either way, the admin group appears in the /etc/sudoers file.

See implementation details and the official documentation.

Related Solutions

Ubuntu – Editing /etc/sudoers to allow Winbind Group members to Only sudo to 1 Local User

I found the solution. We needed to set the login shell and path to the sudoers entry for the service user's home like so:

%domain.local\\service ALL=(service) NOPASSWD:/bin/bash, /opt/service/*

Now we are able to enter the following to become the service user:

$ sudo -i -u service
$ whoami
service
$ pwd
/opt/service

Best Answer

Ubuntu 12.04 LTS and later

Related Solutions

Ubuntu – Editing /etc/sudoers to allow Winbind Group members to Only sudo to 1 Local User

Related Question