How does the sudoers work?

Question

During an installation, as usual, we create our main user account, and then we can do sudo commands with it without problem. Now, when I created another account, and I wanted to do sudo, it gave me error that the account is not in the sudoers file. In that file I found out that users in %admin and %sudo groups can gain root privileges. But my main account is not in neither one of those groups and I can do sudo with it without problem, but with the other account I can't. Is there something besides sudoers that I should know about? Thanks

Answer 1

The admin and sudoer groups should give the user the access needed. You will have to log the user out and back in again for the changes to take effect. Have a look at these answers for some pretty good instructions:

How can I create an administrator user from the command line?

Answer 2

To answer the general question some programs use mechanisms that use polkit to screen for root privileges rather than using the /etc/sudoers approach. (For example, gparted, as I recall). The sudo command uses /etc/sudo and/etc/sudoers.d/* so be sure to check each file. LDAP can conceivably be used to source information, by the way.

My system is 12.04 and my sudo-capable accounts are in the sudo group. My pertinent polkit files are /etc/polkit-1/localauthority.conf.d/50-localauthority.conf and /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf. Yours may be different.

---

I assume you realize that if the sudoers file says %sudo that means user must be in the sudo group. I assume, but don't know, that a long lasting credential might persist after a policy (or group) change. I would think you would know if this had been done, however.

To pursue further I suggest that you post the contents of the /etc/sudoers and the files in /etc/sudoers.d/ and under the tree /etc/polkit-1/ and tell us what groups the two userids are added to. I don't believe there are any passwords or hashes in the files I'm mentioning.