Advice around giving sudo access to users


In our shop we give administrator rights to those who can present us with a good case for having them, such as those employees who develop code. We bound to AD (as we are mostly a Windows shop) and accounts are of the Managed, Mobile type.

What we are finding is that users have to su - localadmin in a Terminal window often when developing, and they are finding this a pain. Is there a way of giving sudo access so that they can get whatever they need done under their own (Standard) accounts? Is it a case of manually editing the /etc/sudoers file on request, or is there a better way to manage this?

How is this managed in your environments?


Valued Contributor III

Not endorsing this way, but another way to do it is to have an AD group such as say a "computer tech's" group and add them to have admin rights in the AD plugin config.

By default our computer techs have this to do local admin work on the computer.

Valued Contributor

^^^^This^^^^^. Plus you really don't want to mess with /etc/sudoers. Use the drop folder /etc/sudoers.d. This way if you want to automate it, you are just dropping a text file there and not altering /etc/sudoers