What does each ALL mean? I understand that the whole line indicates that the admin group members get admininstartive privileges, but would like to know more info about the position of the ALLS and if they each refer to a different set of permissions or something like that?

$sudo cat /etc/sudoers ... # User privilege Information root ALL=(ALL) ALL #... %sudo ALL=(ALL) ALL # #includedir /etc/sudoers.d #Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # 

If it matters: OS: Ubuntu : 10.4

1 Answer

There is a manual page for sudoers(5).

Basically:

  • %admin – the group named "admin" (% prefix)
  • ALL= – on all hosts (if you distribute the same sudoers file to many computers)
  • (ALL) – as any target user
  • ALL – can run any command

A more restricted example would be:

%mailadmin snow,rain=(root) /usr/sbin/postfix, /usr/sbin/postsuper, /usr/bin/doveadm nobody ALL=(root) NOPASSWD: /usr/sbin/rndc reload 

In this case, the group mailadmin is allowed to run mail server control tools as user root on hosts named "snow" and "rain". The user nobody is allowed to run rndc reload as root, on all hosts, without being asked for any password. (Normally sudo asks for the invoker's own password.)

2