What do the "ALL"s in the line " %admin ALL=(ALL) ALL " in Ubuntu's /etc/sudoers file stand for?
38,991
There is a manual page for sudoers(5).
Basically:
-
%admin– the group named "admin" (%prefix) -
ALL=– on all hosts (if you distribute the samesudoersfile to many computers) -
(ALL)– as any target user -
ALL– can run any command
A more restricted example would be:
%mailadmin snow,rain=(root) /usr/sbin/postfix, /usr/sbin/postsuper, /usr/bin/doveadm
nobody ALL=(root) NOPASSWD: /usr/sbin/rndc reload
In this case, the group mailadmin is allowed to run mail server control tools as user root on hosts named "snow" and "rain". The user nobody is allowed to run rndc reload as root, on all hosts, without being asked for any password. (Normally sudo asks for the invoker's own password.)
Related videos on Youtube
03 : 21
User is not in the sudoers file. This incident will be reported.
20 : 15
Basic Linux Permissions part 6: sudo and sudoers
02 : 25
Centos 7 problem - users is not in the sudoers file. This incident will be reported
03 : 27
How to add user to sudoers in Linux
01 : 35
Adding Users to the Sudoers File
Author by
Sri Kadimisetty
Updated on September 18, 2022Comments
-
Sri Kadimisetty over 1 year
What does each ALL mean? I understand that the whole line indicates that the admin group members get admininstartive privileges, but would like to know more info about the position of the ALLS and if they each refer to a different set of permissions or something like that?
$sudo cat /etc/sudoers ... # User privilege Information root ALL=(ALL) ALL #... %sudo ALL=(ALL) ALL # #includedir /etc/sudoers.d #Members of the admin group may gain root privileges %admin ALL=(ALL) ALL #If it matters: OS: Ubuntu : 10.4
-
colan almost 12 yearsWhat about the extra "ALL" after the ":" in "ALL=(ALL:ALL) ALL"? -
user1686 almost 12 years@colan: List of allowed groups for switching with the
-goption. It's under "User Specification" in the manpage.
