Thread: Effect of (ALL:ALL) in sudoers?

  1. #1
    Join Date
    Jan 2009
    Location
    Butte, MT
    Beans
    2
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Effect of (ALL:ALL) in sudoers?

    Hello,

    What is the purpose of the ALL:ALL in the sudoers file for the default %sudo group entry?

    Code:
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL

    In other words, what's the difference between those two lines? I understand that the admin group can run any command from any machine as any user, so what extra or reduced functionality does the sudo group get?

    Thanks

  2. #2
    Dangertux
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Effect of (ALL:ALL) in sudoers?

    Quote: Originally Posted by blak111
    Hello,

    What is the purpose of the ALL:ALL in the sudoers file for the default %sudo group entry?

    Code:
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL

    In other words, what's the difference between those two lines? I understand that the admin group can run any command from any machine as any user, so what extra or reduced functionality does the sudo group get?

    Thanks

    Users in the admin group may become root. Users in the sudo group can only use the sudo command.

    For instance, they could not sudo su

    Hope this helps.

  3. #3
    Join Date
    Sep 2010
    Beans
    898

    Re: Effect of (ALL:ALL) in sudoers?

    So ":ALL" denies permission to become another user? I looked at the man page, but it wasn't clear to me.

  4. #4
    Join Date
    Sep 2006
    Beans
    7,363
    Distro
    Lubuntu Development Release

    user:group

    (ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo. If you don't specify anything it will run as root:root, which is the default. That's how most end up using it anyway.
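
Added example, not part of the thread: a simplified Python model of how the parenthesised part of a sudoers rule is read as (user:group), applied to the two lines quoted in post #1. It handles only plain names and ALL (no aliases, negation or Defaults), and the target user `www-data` and group `adm` are constructed values.

```python
import re

# Simplified sudoers user specification: who host=(users:groups) commands
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def parse_rule(line):
    """Split a rule into its runas user list and runas group list."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a simple user specification: %r" % line)
    who, host, runas, cmds = m.groups()
    if runas is None:
        users, groups = ["root"], []       # no parentheses: root only
    else:
        user_part, _, group_part = runas.partition(":")
        users = [u.strip() for u in user_part.split(",") if u.strip()]
        groups = [g.strip() for g in group_part.split(",") if g.strip()]
    return {"who": who, "host": host, "users": users, "groups": groups, "cmds": cmds}

def runas_allowed(rule, user=None, group=None):
    """Does the rule's runas part permit `sudo [-u user] [-g group]`?"""
    def listed(name, names):
        return "ALL" in names or name in names
    if user is None and group is None:
        user = "root"                      # plain `sudo cmd` targets root
    if user is not None and not listed(user, rule["users"]):
        return False
    if group is not None and not listed(group, rule["groups"]):
        return False                       # -g needs an entry after the colon
    return True

# The two rules from post #1 of the thread.
ADMIN = parse_rule("%admin ALL=(ALL) ALL")
SUDO = parse_rule("%sudo   ALL=(ALL:ALL) ALL")

if __name__ == "__main__":
    # Constructed invocations: target user www-data, target group adm.
    cases = [("sudo cmd", {}), ("sudo -u www-data cmd", {"user": "www-data"}),
             ("sudo -g adm cmd", {"group": "adm"}),
             ("sudo -u www-data -g adm cmd", {"user": "www-data", "group": "adm"})]
    for label, kw in cases:
        print("%-30s admin=%-5s sudo=%s" % (label, runas_allowed(ADMIN, **kw),
                                            runas_allowed(SUDO, **kw)))
```

In this model both rules permit running as root or as any user with `-u`; the only difference is that the `(ALL:ALL)` rule also permits choosing a group with `-g`.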
