Thursday, 20 March 2014

How to allow domain users to use sudo in linux


Linux server - Debian, Ubuntu, Red Hat, SLES


You want to give members of Active Directory group "Domain Admins" the ability to run commands as root using the sudo command.


1. Log on to your linux server as root.
2. Use visudo command to edit /etc/sudoers file
3. Add the following line at the bottom
%DOMAIN\\domain\ admins  ALL=(ALL) ALL
%DOMAIN\\domain^admins  ALL=(ALL) ALL

With Likewise (re-branded to PowerBroker) you can configure to assume default domain:
AssumeDefaultDomain true
If you have done it then skip DOMAIN.
%domain^admins  ALL=(ALL) ALL 

Make sure to escape spaces in group names with backslashes or use caret sign instead "^".

To check group membership for a user use "id" i.e.
id administrator

In this example I assume you can already log on with your domain credentials.

No comments:

Post a Comment