Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in...
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan 20 hours ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan 20 hours ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
yesterday
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
21 hours ago
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers
, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command
.
For other users, a password is required unless their entry contains NOPASSWD
or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
linux sudo root
linux sudo root
edited yesterday
iBug
asked yesterday
iBugiBug
1,0181031
1,0181031
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan 20 hours ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan 20 hours ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
yesterday
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
21 hours ago
add a comment |
This is a bit weird actually. Even though you'd usually usesudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.
– ilkkachu
yesterday
Cause it isroot
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
21 hours ago
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo
still requires the config line for root
to be there. Without it, it tells even root to bugger off.– ilkkachu
yesterday
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo
still requires the config line for root
to be there. Without it, it tells even root to bugger off.– ilkkachu
yesterday
Cause it is
root
. What would you gain running sudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
21 hours ago
Cause it is
root
. What would you gain running sudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
21 hours ago
add a comment |
2 Answers
2
active
oldest
votes
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
add a comment |
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
sudo
allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su
to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user
as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su
.
answered yesterday
PeschkePeschke
2,841926
2,841926
add a comment |
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID
and CAP_SETGID
, so does not need sudo. It can do what ever it want.
If sudo
is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered yesterday
ctrl-alt-delorctrl-alt-delor
12.1k42561
12.1k42561
add a comment |
add a comment |
This is a bit weird actually. Even though you'd usually use
sudo
to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudo
still requires the config line forroot
to be there. Without it, it tells even root to bugger off.– ilkkachu
yesterday
Cause it is
root
. What would you gain runningsudo
as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
21 hours ago