Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in /etc/sudoers [duplicate] The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsWhy can `root` run any command as any user without providing password?sudo no password breaks other sudo -u usesExecute shell script from php, as root user?How do I get simple scripts which seem to need root priveliges to run via the www-data user?Is it safe to disable password for a user, if it only uses SSH key login?Use current user environment variable in sudoers fileParallels on Mac - can no longer sudo within UbuntuWhat does “ALL ALL=(ALL) ALL” mean in sudoers?Why do I still need to run shutdown as sudo after this?Checking sudoers without root?IPTABLES and sudoers file issue

Did God make two great lights or did He make the great light two?

Semisimplicity of the category of coherent sheaves?

Relations between two reciprocal partial derivatives?

ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?

What can I do if neighbor is blocking my solar panels intentionally?

How to colour the US map with Yellow, Green, Red and Blue to minimize the number of states with the colour of Green

How long does the line of fire that you can create as an action using the Investiture of Flame spell last?

How can I define good in a religion that claims no moral authority?

How does ice melt when immersed in water?

Difference between "generating set" and free product?

Why does the Event Horizon Telescope (EHT) not include telescopes from Africa, Asia or Australia?

Slither Like a Snake

The variadic template constructor of my class cannot modify my class members, why is that so?

Derivation tree not rendering

Working through the single responsibility principle (SRP) in Python when calls are expensive

Format single node in tikzcd

Keeping a retro style to sci-fi spaceships?

Can the prologue be the backstory of your main character?

"... to apply for a visa" or "... and applied for a visa"?

Wolves and sheep

Didn't get enough time to take a Coding Test - what to do now?

What is special about square numbers here?

Take groceries in checked luggage

When did F become S in typeography, and why?



Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in /etc/sudoers [duplicate]



The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election ResultsWhy can `root` run any command as any user without providing password?sudo no password breaks other sudo -u usesExecute shell script from php, as root user?How do I get simple scripts which seem to need root priveliges to run via the www-data user?Is it safe to disable password for a user, if it only uses SSH key login?Use current user environment variable in sudoers fileParallels on Mac - can no longer sudo within UbuntuWhat does “ALL ALL=(ALL) ALL” mean in sudoers?Why do I still need to run shutdown as sudo after this?Checking sudoers without root?IPTABLES and sudoers file issue



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








6
















This question already has an answer here:



  • Why can `root` run any command as any user without providing password?

    2 answers



In /etc/sudoers, there is always:



root ALL=(ALL:ALL) ALL


However, the root user (with UID 0) doesn't need to enter password when they run sudo command.



For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:



user ALL=(ALL:ALL) NOPASSWD:ALL
 ^^^^^^^^





linux sudo root







share|improve this question















marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

    – ilkkachu
    Mar 25 at 10:37











  • Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

    – nwildner
    Mar 25 at 14:28

















6
















This question already has an answer here:



  • Why can `root` run any command as any user without providing password?

    2 answers



In /etc/sudoers, there is always:



root ALL=(ALL:ALL) ALL


However, the root user (with UID 0) doesn't need to enter password when they run sudo command.



For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:



user ALL=(ALL:ALL) NOPASSWD:ALL
 ^^^^^^^^





linux sudo root







share|improve this question















marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

    – ilkkachu
    Mar 25 at 10:37











  • Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

    – nwildner
    Mar 25 at 14:28













6












6








6


1







This question already has an answer here:



  • Why can `root` run any command as any user without providing password?

    2 answers



In /etc/sudoers, there is always:



root ALL=(ALL:ALL) ALL


However, the root user (with UID 0) doesn't need to enter password when they run sudo command.



For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:



user ALL=(ALL:ALL) NOPASSWD:ALL
 ^^^^^^^^





linux sudo root







share|improve this question

















This question already has an answer here:



  • Why can `root` run any command as any user without providing password?

    2 answers



In /etc/sudoers, there is always:



root ALL=(ALL:ALL) ALL


However, the root user (with UID 0) doesn't need to enter password when they run sudo command.



For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:



user ALL=(ALL:ALL) NOPASSWD:ALL
 ^^^^^^^^




This question already has an answer here:



  • Why can `root` run any command as any user without providing password?

    2 answers






linux sudo root




linux sudo root






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 25 at 7:14







iBug

















asked Mar 25 at 7:09









iBugiBug

1,0181032




1,0181032




marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

    – ilkkachu
    Mar 25 at 10:37











  • Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

    – nwildner
    Mar 25 at 14:28

















  • This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

    – ilkkachu
    Mar 25 at 10:37











  • Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

    – nwildner
    Mar 25 at 14:28
















This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

– ilkkachu
Mar 25 at 10:37





This is a bit weird actually. Even though you'd usually use sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.

– ilkkachu
Mar 25 at 10:37













Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

– nwildner
Mar 25 at 14:28





Cause it is root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"

– nwildner
Mar 25 at 14:28










2 Answers
2






active

oldest

votes


















6














sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.



Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.



Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.






share|improve this answer






























    3














    While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.



    If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).






    share|improve this answer





























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      6














      sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.



      Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.



      Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.






      share|improve this answer



























        6














        sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.



        Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.



        Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.






        share|improve this answer

























          6












          6








          6







          sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.



          Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.



          Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.






          share|improve this answer













          sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.



          Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.



          Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 25 at 7:24









          PeschkePeschke

          2,841926




          2,841926























              3














              While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.



              If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).






              share|improve this answer



























                3














                While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.



                If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).






                share|improve this answer

























                  3












                  3








                  3







                  While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.



                  If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).






                  share|improve this answer













                  While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.



                  If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 25 at 8:10









                  ctrl-alt-delorctrl-alt-delor

                  12.5k52662




                  12.5k52662













                      -

                      Popular posts from this blog

                      Lowndes Grove History Architecture References Navigation menu32°48′6″N 79°57′58″W / 32.80167°N 79.96611°W / 32.80167; -79.9661132°48′6″N 79°57′58″W / 32.80167°N 79.96611°W / 32.80167; -79.9661178002500"National Register Information System"Historic houses of South Carolina"Lowndes Grove""+32° 48' 6.00", −79° 57' 58.00""Lowndes Grove, Charleston County (260 St. Margaret St., Charleston)""Lowndes Grove"The Charleston ExpositionIt Happened in South Carolina"Lowndes Grove (House), Saint Margaret Street & Sixth Avenue, Charleston, Charleston County, SC(Photographs)"Plantations of the Carolina Low Countrye

                      Image
                      Contributing propertyKeeper of the RegisterHistoric districtHistory of the National Register of Historic PlacesNational Park ServiceProperty typesCharlestonColumbiaGreenvilleNorth CharlestonRock Hill Houses on the National Register of Historic Places in South CarolinaGeorgian architecture in South CarolinaHouses completed in 1786Plantation houses in South CarolinaNational Register of Historic Places in Charleston, South CarolinaHouses in Charleston, South Carolina plantation houseAshley RiverCharlestonNational Register of Historic PlacesRevolutionary WarWilliam LowndesU.S. CongressSouth Carolina Inter-State and West Indian ExpositionGeorgianDoricbalustradespedimentoculusentablaturemodilliondentillightship roofterra cottatilescorbelledcornicesRegency stylespiral staircaseskylight Lowndes Grove U.S. National Register of Historic Places Lowndes Grove in 1940 Show map of South Carolina Show map of the United States Location 260 St. Margaret St., Charleston, South Carolina Coordinates 32
                      Read more

                      random experiment with two different functions on unit interval Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern)Random variable and probability space notionsRandom Walk with EdgesFinding functions where the increase over a random interval is Poisson distributedNumber of days until dayCan an observed event in fact be of zero probability?Unit random processmodels of coins and uniform distributionHow to get the number of successes given $n$ trials , probability $P$ and a random variable $X$Absorbing Markov chain in a computer. Is “almost every” turned into always convergence in computer executions?Stopped random walk is not uniformly integrable

                      Image
                      What would you call this weird metallic apparatus that allows you to lift people? Is it possible to give , in economics, an example of a relation ( set of ordered pairs) that is not a function? Maximum summed subsequences with non-adjacent items How many time has Arya actually used Needle? Is there public access to the Meteor Crater in Arizona? Belief In God or Knowledge Of God. Which is better? What is the meaning of 'breadth' in breadth first search? Why is there Net Work Done on a Pressure/Volume Cycle? How much damage would a cupful of neutron star matter do to the Earth? Sum letters are not two different Why does it sometimes sound good to play a grace note as a lead in to a note in a melody? What initially awakened the Balrog? How to pronounce 伝統色 QGIS virtual layer functionality does not seem to support memory layers AppleTVs create a chatty alternate WiFi network How to write capital alpha? How often does castling occur in grandmaster gam
                      Read more

                      How should I support this large drywall patch? Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?How do I cover large gaps in drywall?How do I keep drywall around a patch from crumbling?Can I glue a second layer of drywall?How to patch long strip on drywall?Large drywall patch: how to avoid bulging seams?Drywall Mesh Patch vs. Bulge? To remove or not to remove?How to fix this drywall job?Prep drywall before backsplashWhat's the best way to fix this horrible drywall patch job?Drywall patching using 3M Patch Plus Primer

                      Image
                      How do living politicians protect their readily obtainable signatures from misuse? Is it possible to force a specific program to remain in memory after closing it? File name problem(?) How to pronounce 伝統色 How does the math work when buying airline miles? Sum letters are not two different An adverb for when you're not exaggerating What does it mean that physics no longer uses mechanical models to describe phenomena? Take 2! Is this homebrew Lady of Pain warlock patron balanced? How many time has Arya actually used Needle? A letter with no particular backstory Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode Generate an RGB colour grid Co-worker has annoying ringtone Strange behavior of Object.defineProperty() in JavaScript "Lost his faith in humanity in the trenches of Verdun" — last line of an SF story What is this round thing on the pantry door in The Shining What would you call this weir
                      Read more