1

I would like to run a command with temporary group membership but it seems that I don't have permission to do that. As an example, if I run sudo -g internet ls, I get the message Sorry, user rudivonstaden is not allowed to execute '/bin/ls' as rudivonstaden:internet on rudivonstaden-desktop.

In my limited understanding, this should be governed by the /etc/sudoers file, potentially modified by files in /etc/sudoers.d. The latter folder only contains the README file, and the sudoers file has the following:

root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

As far as I can tell, that should allow any sudo user to run any file as any group using the -g option. Is there a bug somewhere, or am I missing something?

Braiam
  • 67,791
  • 32
  • 179
  • 269
rudivonstaden
  • 539

1 Answers1

4

I managed to get it working by editing my /etc/sudoers file (with sudo vimsudo), and changing the admin group permissions from

%admin ALL=(ALL) ALL

to

%admin ALL=(ALL:ALL) ALL

The sudo group is a bit of a red herring on Ubuntu, it's actually the admin group that defines sudo permissions. See this question for more on how Ubuntu uses the admin and sudo groups.

Community
  • 1
rudivonstaden
  • 539
  • 1
    The accepted answer to that question is not correct anymore. As of Ubuntu 12.04, sudo is the main administrative group. If an earlier release is upgraded to 12.04, it will retain the admin group, and the admin group will still have its power, but that's for backward compatibility. – Eliah Kagan Jul 12 '12 at 17:22
  • On archlinux, you may want to use wheel instead. To allow a specific user passwordless access to a specific group, add a line like thomas ALL=(thomas:vpn) NOPASSWD: ALL. – Thomas G. Dec 30 '16 at 11:17