Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in /etc/sudoers [duplicate] The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsWhy can `root` run any command as any user without providing password?sudo no password breaks other sudo -u usesExecute shell script from php, as root user?How do I get simple scripts which seem to need root priveliges to run via the www-data user?Is it safe to disable password for a user, if it only uses SSH key login?Use current user environment variable in sudoers fileParallels on Mac - can no longer sudo within UbuntuWhat does “ALL ALL=(ALL) ALL” mean in sudoers?Why do I still need to run shutdown as sudo after this?Checking sudoers without root?IPTABLES and sudoers file issue
Did God make two great lights or did He make the great light two?
Semisimplicity of the category of coherent sheaves?
Relations between two reciprocal partial derivatives?
ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?
What can I do if neighbor is blocking my solar panels intentionally?
How to colour the US map with Yellow, Green, Red and Blue to minimize the number of states with the colour of Green
How long does the line of fire that you can create as an action using the Investiture of Flame spell last?
How can I define good in a religion that claims no moral authority?
How does ice melt when immersed in water?
Difference between "generating set" and free product?
Why does the Event Horizon Telescope (EHT) not include telescopes from Africa, Asia or Australia?
Slither Like a Snake
The variadic template constructor of my class cannot modify my class members, why is that so?
Derivation tree not rendering
Working through the single responsibility principle (SRP) in Python when calls are expensive
Format single node in tikzcd
Keeping a retro style to sci-fi spaceships?
Can the prologue be the backstory of your main character?
"... to apply for a visa" or "... and applied for a visa"?
Wolves and sheep
Didn't get enough time to take a Coding Test - what to do now?
What is special about square numbers here?
Take groceries in checked luggage
When did F become S in typeography, and why?
Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in /etc/sudoers [duplicate]
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election ResultsWhy can `root` run any command as any user without providing password?sudo no password breaks other sudo -u usesExecute shell script from php, as root user?How do I get simple scripts which seem to need root priveliges to run via the www-data user?Is it safe to disable password for a user, if it only uses SSH key login?Use current user environment variable in sudoers fileParallels on Mac - can no longer sudo within UbuntuWhat does “ALL ALL=(ALL) ALL” mean in sudoers?Why do I still need to run shutdown as sudo after this?Checking sudoers without root?IPTABLES and sudoers file issue
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
linux sudo root
linux sudo root
edited Mar 25 at 7:14
iBug
asked Mar 25 at 7:09
iBugiBug
1,0181032
1,0181032
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
add a comment |
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo
still requires the config line for root
to be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo
still requires the config line for root
to be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
Cause it is
root
. What would you gain running sudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28
Cause it is
root
. What would you gain running sudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28
add a comment |
2 Answers
2
active
oldest
votes
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
answered Mar 25 at 7:24
PeschkePeschke
2,841926
2,841926
add a comment |
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52662
12.5k52662
add a comment |
add a comment |
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
Cause it is
root
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28