[unisog] sudowin 0.4.0-r153 released

Schley Andrew Kutz a.kutz at its.utexas.edu
Tue Jan 30 14:41:40 GMT 2007

This version of sudowin finally adds support for defining local and domain
groups in the sudoers file instead of just individual users.  And it is
incredibly simple to do, and the result is quite powerful.  You simply set
the name attribute of a <userGroup> node to the name of the local or domain
group you wish to authorize.

The online documentation says:



The <userGroup> node is used for grouping distinct users into a singular
group. This is useful because it allows an administrator to set attribute
values on a group of users instead of individual users.  This node can also
represent a valid local or Active Directory domain-level group.

Valid attributes are:
- name
  - type: string
  - use: required
  - description: The name of the user group. This name can correspond to a
user group local to the computer the sudowin service is running on, or this
name can correspond to an Active Directory domain-level group. Valid values
are GROUP_NAME (implies that this is a local group), HOST_NAME\GROUP_NAME,


So if you defined a domain group called Sudoers and put all of the users you
wanted invoking sudo in it, how could you enable it so they could invoke all
commands?  Simply by adding this line to the sudoers file:

<userGroup name="DOMAIN_NAME\Sudoers" allowAllCommands="true" />

That's it, your done.  Be careful with this functionality, you can easily
shoot yourself in the foot with it.

Get the latest release at


ITS at The University of Texas at Austin

name:    Schley Andrew Kutz, MCSD, GCWN-GOLD, VCP-VI3
mail:    a.kutz at its.utexas.edu
work:    512.475.9246

Please do not hesitate to call or e-mail me if you have any questions or

More information about the unisog mailing list