How to allow AD group to run elevated commands from the desktop in Ubuntu 22.04

ajb

6/12/24, 5:30 PM

I've seen a number of similar questions, but none that quite cover my situation.

I have an Ubuntu desktop 22.04 system, setup for authentication against a Active Directory. I have a domain group added to sudoers.d via %group@domain ALL=(ALL:ALL) ALL. That allows the group members to use sudo at the command line, which works fine.

However, it doesn't allow those users to access elevated commands from the desktop (for example, installing software packages or accessing system configuration). That appears to rely on the sudo user group, not the sudoers list. Adding an individual domain user to the sudo user group via usermod allows that user to run elevated gui commands, but this obviously doesn't work for the whole group.

Can I add or link an entire AD user group to the local sudo group? Or is there another way to grant an AD group access to elevated commands from the desktop gui?

0 + 0

sudo

users

desktop-environments

active-directory

22.04

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to allow AD group to run elevated commands from the desktop in Ubuntu 22.04

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.