Ubuntu
ubiquity package

admin in reserved-usernames

Asked by Felix Natter

Dear ubiquity mnaintainers,

Concerning: Ubuntu 22.04.2

I would like to use the "admin" user as a first sudo user
during Ubuntu 22.04 installation. ubiquity rejects this,
as this file:

/usr/lib/ubiquity/user-setup/reserved-usernames

contains:

# Ubuntu creates the admin group and adds the
# first user to it to grant them sudo privileges
admin

However, after installing with a different sudo user,
I can confirm that this is not the case: Ubuntu 22.04
uses the sudo group for this purpose.

Is this line in reserved-usernames an error and I can
ignore it by commenting out the line and then installing
as usual, without problems? I would like to install
many Ubuntu 22.04 systems.

Many Thanks and Best Regards,
Felix

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu ubiquity Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

"I can confirm that this is not the case"
What is not the case?

In previous releases the group for using sudo was named admin, but that has been changed in the meantime.
Nevertheless there is still the advice not to use the username admin, because that is one of the first targets that hackers usually would attack.

Revision history for this message
Felix Natter (fnatter) said (last edit ): 		#2

hello Manfred,

"What is not the case?" -> "Ubuntu 22.04 uses the sudo group for this purpose."

thank you for the quick answer. For intranet workstations I think this is not an issue.
However, the default /etc/sudoers contains this:
%admin ALL=(ALL) ALL
and
%sudo ALL=(ALL:ALL) ALL

there could be some side effects of using "admin" as the sudo user.
Could you please clarify what the purpose of the %admin entry is?
AFAICT we are supposed to use the group sudo for admins?
(the difference between (ALL) and (ALL:ALL) seems to be in details
not related to security [1])

[1] https://unix.stackexchange.com/questions/670761/etc-sudoers-clarification-about-all-vs-allall-for-groups

Many Thanks and Best Regards,
Felix

Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#3

The "%admin ..." entry allows all members of the "admin" group (if it exists) to issue sudo commands.
If you create a group "admin" and grant some user the membership in that group, then this user can use sudo (even if not member of the sudo group).
Nowadays there is a group "sudo" created and the first user is made member of it by the installer, but it still works with the admin group, too.

Revision history for this message
Felix Natter (fnatter) said : 		#4

Thanks Manfred Hampl, that solved my question.