Help

Advice around giving sudo access to users

ianmb
Contributor

Posted on ‎10-01-2018 03:26 AM

In our shop we give administrator rights to those who can present us with a good case for having them, such as those employees who develop code. We bound to AD (as we are mostly a Windows shop) and accounts are of the Managed, Mobile type.

What we are finding is that users have to su - localadmin in a Terminal window often when developing, and they are finding this a pain. Is there a way of giving sudo access so that they can get whatever they need done under their own (Standard) accounts? Is it a case of manually editing the /etc/sudoers file on request, or is there a better way to manage this?

How is this managed in your environments?

0 Kudos
2 REPLIES 2

blackholemac
Valued Contributor III

Posted on ‎10-01-2018 05:05 AM

Not endorsing this way, but another way to do it is to have an AD group such as say a "computer tech's" group and add them to have admin rights in the AD plugin config.

By default our computer techs have this to do local admin work on the computer.

0 Kudos

Nix4Life
Valued Contributor

Posted on ‎10-01-2018 06:23 AM

^^^^This^^^^^. Plus you really don't want to mess with /etc/sudoers. Use the drop folder /etc/sudoers.d. This way if you want to automate it, you are just dropping a text file there and not altering /etc/sudoers

0 Kudos