Adding a user to sudo group vs creating a sudoers file
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo
(Debian) orwheel
(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
username
with the following contents in/etc/sudoers.d/
username ALL=(ALL:ALL) ALL
sudo
add a comment |Â
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo
(Debian) orwheel
(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
username
with the following contents in/etc/sudoers.d/
username ALL=(ALL:ALL) ALL
sudo
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo
(Debian) orwheel
(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
username
with the following contents in/etc/sudoers.d/
username ALL=(ALL:ALL) ALL
sudo
What is the practical difference between:
adding a user to
sudo
(Debian) orwheel
(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
username
with the following contents in/etc/sudoers.d/
username ALL=(ALL:ALL) ALL
sudo
sudo
asked 12 mins ago
pkaramol
415213
415213
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers
file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo
/wheel
group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers
file will be able to execute any command as any user on every machine.
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers
group (or whatever group is needed) the user needs to log out/in or use newgrp
to really become a member of that group and be able to sudo
, whereas a file under /etc/sudoers.d/
wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user
to sudo
and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers
file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo
/wheel
group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers
file will be able to execute any command as any user on every machine.
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers
file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo
/wheel
group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers
file will be able to execute any command as any user on every machine.
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers
file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo
/wheel
group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers
file will be able to execute any command as any user on every machine.
The only practical difference that I can see is in the situation where the sudoers
file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo
/wheel
group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers
file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
41.2k547112
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
add a comment |Â
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
â ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers
group (or whatever group is needed) the user needs to log out/in or use newgrp
to really become a member of that group and be able to sudo
, whereas a file under /etc/sudoers.d/
wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user
to sudo
and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers
group (or whatever group is needed) the user needs to log out/in or use newgrp
to really become a member of that group and be able to sudo
, whereas a file under /etc/sudoers.d/
wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user
to sudo
and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers
group (or whatever group is needed) the user needs to log out/in or use newgrp
to really become a member of that group and be able to sudo
, whereas a file under /etc/sudoers.d/
wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user
to sudo
and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers
group (or whatever group is needed) the user needs to log out/in or use newgrp
to really become a member of that group and be able to sudo
, whereas a file under /etc/sudoers.d/
wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user
to sudo
and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
3,2261314
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f476416%2fadding-a-user-to-sudo-group-vs-creating-a-sudoers-file%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password