Linux commands to add an Active Directory group in Sudoers file

linux sudo active-directory
20,623

Note: Messing with the sudoers file has some risk. Before starting, things to think about include:

  • System backups

  • A physical root shell (in a properly configured ssh environment root should be dis-sallowed from logging into a system over ssh)

  • Familiarity with booting off a live cd to "fix" whatever is broken

Assuming you have AD integration already in place,

groups

will list all the groups that a user has, this is important so that you get the proper casing for the group name.

take that and then add it to /etc/sudoers file. I use nano and add one of these lines at the bottom of the file.

%domain\groupname ALL=(ALL) ALL

or

%groupname ALL=(ALL) ALL

A domain may or may not be needed. That is a function of other decisions in setting up the AD authentication integration. If AD authenticated users are dumped into /home/<DOMAIN>/<username>, then you'll most likely need the exact same name as DOMAIN in the sudoers file.

To automate this from a script, call

echo "%groupname ALL=(ALL)ALL" >> /etc/sudoers

Share:
20,623

Related videos on Youtube

tset
Author by

tset

Updated on September 18, 2022

Comments

  • tset
    tset over 1 year

    What is the Linux (Red Hat) command to add a Active Directory (AD) group in sudoers file to restrict the local admin access to the members of the group?

    For eg, I have an AD group linux-admin and I would like to add this line 

    %test.com\linux-admin ALL=(ALL) ALL
  • tset
    tset over 7 years
    That's great. But how do I add this line to the file without opening the file. The reason I am trying to do this is to automate this.
  • John
    John over 7 years
    I added a automation note. Backup sudoers before you do this, and re-verify after to make sure it's right.
  • roaima
    roaima over 7 years
    Not only take a backup, but make sure you have a root shell open somewhere too
  • John
    John over 7 years
    I wasn't looking beyond the question, but you're right. If considerations aren't included, someone will do this without proper preparation. I added a note at the top to clarify things.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Having users su/sudo in Linux based on Active Directory group when using pam_winbind
Include AD domain admins group in Linux sudoers?
What are the other alternative to test a LDAP connection on linux machine
How to get user password expiration date from Active Directory?
sudo: no tty present and no askpass program specified When useing shell_exec
Regex in Sudoers File?
sudo: command not found
How to do ldapsearch with multiple filters?
Android Debug Bridge (adb) command line tool exists in $PATH, but "command not found" in linux
make git clone with sudo