I noticed that two groups are granted similar-looking permissions in /etc/sudoers:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
My user account with "Administer the system" privileges is in the admin group, and there don't appear to be any users in the sudo group. What are these two groups for?
Ubuntu 12.04 LTS and later
Administrators are added to the
sudogroup, but theadmingroup is supported for backward compatibility. From the release notes:It is not created when you do a fresh install, though it is still present if you upgraded from previous distributions. Either way, the
admingroup appears in the/etc/sudoersfile.See implementation details and the official documentation.
Ubuntu 11.10 and earlier
By default the
sudogroup is not used in Ubuntu:admingroup, notsudo;sudogroup;sudogroup, because theadmingroup can do all one needs.Conversely, on Debian the group enabled in
/etc/sudoersis thesudogroup, and there is noadmingroup. But the user created during installation is not put in that group, because Debian has therootaccount enabled. You should do it explicitly, if you want to.Also, Fedora is similar to Debian, having
rootenabled and no default privileges for the user create during installation. But the administrative group configured in/etc/sudoersis the more traditional groupwheel.In conclusion, I think there is no use for
sudogroup in Ubuntu, simply it is a Debian heritage.No security difference.
Both have 100% unrestricted access to anything provided by the OS.
The difference in your /etc/sudoers is
(ALL)vs(ALL:ALL). The first one means you can run commands as any user. The second - you can run command as any user and as any group.The way shown in your /etc/sudoers both groups will need to enter their own password to execute commands as root.
Both can a root shell like this: