There is no chance of an internal attack, so I would like to give sudo privileges to users at the local computer using sudoers. I tried these lines separately:

%admin localhost=(ALL) NOPASSWD: ALL
%admin 127.0.0.1=(ALL) NOPASSWD: ALL

But sudoers does not seem to recognize either localhost or 127.0.0.1.

Is there an alternative, and if so, how secure would it be? Could a remote attacker gain local user privileges using cron or some other method?


Solution 1:

%admin ALL=(ALL) NOPASSWD: ALL

The host list restricts the sudo rule to hosts on which one network interface has a name or address in the list. Since every host has a loopback interface, every host should match your rule; in fact, sudo skips the loopback interface when checking host lists, so no host does match your rule; either way specifying the host as localhost is not useful.

Sudo doesn't do any network authentication: the host list is there so that you can deploy a single sudoers file on multiple machines and give users different permissions on different machines.

Cron also doesn't do any network authentication. A remote user would gain user privileges through a misconfigured or vulnerable network server or client (http, ftp, samba, nfs, snmp, ssh, …).
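Added example, not part of the original answer and not sudo's own code: a simplified Python model of the host-list check that Solution 1 describes, run over one sudoers file shared by two machines. The host names `ws01` and `db01`, their addresses, and the last two rules are constructed for illustration; negation, wildcards and netgroups are not modelled.

```python
import ipaddress


def host_item_matches(item, hostname, interfaces):
    """Return True if one sudoers host-list item matches this machine.

    hostname   -- the machine's own host name
    interfaces -- (address, is_loopback) pairs for its network interfaces
    """
    if item == "ALL":
        return True
    # As the answer notes, the loopback interface is skipped entirely.
    addrs = [ipaddress.ip_address(a) for a, is_loopback in interfaces
             if not is_loopback]
    try:
        net = ipaddress.ip_network(item, strict=False)
    except ValueError:
        # Not an address or network: compare with the host's own name.
        return item.lower() == hostname.lower()
    return any(a in net for a in addrs)


def rule_applies(rule, hostname, interfaces):
    """Evaluate the host list of a one-line 'who hosts=(runas) cmds' rule."""
    who_and_hosts = rule.partition("=")[0]
    _who, hosts = who_and_hosts.split(None, 1)
    return any(host_item_matches(h.strip(), hostname, interfaces)
               for h in hosts.split(","))


RULES = [
    "%admin localhost=(ALL) NOPASSWD: ALL",      # from the question
    "%admin 127.0.0.1=(ALL) NOPASSWD: ALL",      # from the question
    "%admin ALL=(ALL) NOPASSWD: ALL",            # from Solution 1
    "%admin ws01=(ALL) NOPASSWD: ALL",           # constructed
    "%admin 192.0.2.0/24=(ALL) NOPASSWD: ALL",   # constructed
]
FLEET = {  # constructed sample machines sharing the same sudoers file
    "ws01": [("127.0.0.1", True), ("192.0.2.10", False)],
    "db01": [("127.0.0.1", True), ("198.51.100.7", False)],
}


def evaluate(rules, fleet):
    return {(rule, host): rule_applies(rule, host, ifs)
            for rule in rules for host, ifs in fleet.items()}


if __name__ == "__main__":
    for (rule, host), ok in evaluate(RULES, FLEET).items():
        print(f"{host:5} {'match' if ok else 'no match':9} {rule}")
```

The host list only selects which machines a rule is active on; it says nothing about where the invoking user connected from.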