Adding a user to sudo group vs creating a sudoers file
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo(Debian) orwheel(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
usernamewith the following contents in/etc/sudoers.d/username ALL=(ALL:ALL) ALL
sudo
asked 12 mins ago
pkaramol
415213
add a comment |Â
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo(Debian) orwheel(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
usernamewith the following contents in/etc/sudoers.d/username ALL=(ALL:ALL) ALL
sudo
asked 12 mins ago
pkaramol
415213
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
What is the practical difference between:
adding a user to
sudo(Debian) orwheel(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
usernamewith the following contents in/etc/sudoers.d/username ALL=(ALL:ALL) ALL
sudo
asked 12 mins ago
pkaramol
415213
What is the practical difference between:
adding a user to
sudo(Debian) orwheel(RHEL) groupsudo usermod -aG sudo/wheel <username>
vs
creating a file named
usernamewith the following contents in/etc/sudoers.d/username ALL=(ALL:ALL) ALL
sudo
sudo
asked 12 mins ago
pkaramol
415213
asked 12 mins ago
pkaramol
415213
asked 12 mins ago
pkaramol
415213
asked 12 mins ago
pkaramol
415213
asked 12 mins ago
pkaramol
415213
415213
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo/wheel group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers group (or whatever group is needed) the user needs to log out/in or use newgrp to really become a member of that group and be able to sudo, whereas a file under /etc/sudoers.d/ wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user to sudo and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo/wheel group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo/wheel group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
up vote
0
down vote
The only practical difference that I can see is in the situation where the sudoers file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo/wheel group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
The only practical difference that I can see is in the situation where the sudoers file is a standard that is shared (deployed) amongst different machines. (And the user/group database is for some reason not shared. An unlikely situation, IMO.)
In this instance the user added to the sudo/wheel group will be able to execute any command as any user only on that machine, whereas the the user with an explicit entry in the sudoers file will be able to execute any command as any user on every machine.
answered 7 mins ago
roaima
41.2k547112
answered 7 mins ago
roaima
41.2k547112
answered 7 mins ago
roaima
41.2k547112
answered 7 mins ago
roaima
41.2k547112
41.2k547112
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
add a comment |Â
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
we could combine our answers into a SuperAnswer! if you want ot copy/paste mine into yours as an edit, i'll cheerfully delete mine.
– ivanivan
5 mins ago
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers group (or whatever group is needed) the user needs to log out/in or use newgrp to really become a member of that group and be able to sudo, whereas a file under /etc/sudoers.d/ wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user to sudo and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
add a comment |Â
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers group (or whatever group is needed) the user needs to log out/in or use newgrp to really become a member of that group and be able to sudo, whereas a file under /etc/sudoers.d/ wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user to sudo and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers group (or whatever group is needed) the user needs to log out/in or use newgrp to really become a member of that group and be able to sudo, whereas a file under /etc/sudoers.d/ wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user to sudo and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
Effective difference? Not much. Biggest I can think of is that by adding the user to the sudoers group (or whatever group is needed) the user needs to log out/in or use newgrp to really become a member of that group and be able to sudo, whereas a file under /etc/sudoers.d/ wouldn't require that extra step.
Long term maintenance, etc. with more than just one user involved... the group membership may be "better" - it really comes down to work flow, etc. at that point and it rapidly moves this question even further into that grey murky area known as "opinion based answers". Obviously there may be some technical reasons behind choosing one over the other (ie, for the www-user to sudo and you don't want to or can't start/stop the webserver) but "which is better" is almost always opinion and situation based.
answered 6 mins ago
ivanivan
3,2261314
answered 6 mins ago
ivanivan
3,2261314
answered 6 mins ago
ivanivan
3,2261314
answered 6 mins ago
ivanivan
3,2261314
3,2261314
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f476416%2fadding-a-user-to-sudo-group-vs-creating-a-sudoers-file%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
