Sunday, 17 January 2010

Smarter sudo

The way Ubuntu handles sudo makes some sense. Rather than adding the name of each administrator to the sudoers file, they first create a group called ‘admin’, which can be done via the command line:

# groupadd admin

and then in the /etc/sudoers they create an entry:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

Finally, add administrators to the admin group. This can be done by the command line thus:

# usermod -a -G admin <username>

To revoke someones administrator privileges, get them out of the admin group:

# deluser <username> admin