Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in...
Generate an RGB colour grid
When a candle burns, why does the top of wick glow if bottom of flame is hottest?
Is there a kind of relay that only consumes power when switching?
Time to Settle Down!
Most bit efficient text communication method?
Why do we need to use the builder design pattern when we can do the same thing with setters?
What is "gratricide"?
Did Deadpool rescue all of the X-Force?
How fail-safe is nr as stop bytes?
How do living politicians protect their readily obtainable signatures from misuse?
What does it mean that physics no longer uses mechanical models to describe phenomena?
An adverb for when you're not exaggerating
Sum letters are not two different
How does the math work when buying airline miles?
Crossing US/Canada Border for less than 24 hours
Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode
Performance gap between vector<bool> and array
How does the secondary effect of the Heat Metal spell interact with a creature resistant/immune to fire damage?
Dating a Former Employee
Why does it sometimes sound good to play a grace note as a lead in to a note in a melody?
Why should I vote and accept answers?
What is the difference between globalisation and imperialism?
How to write this math term? with cases it isn't working
Selecting user stories during sprint planning
Why doesn't root need the password to run “sudo” even when “NOPASSWD:ALL” isn't written in /etc/sudoers [duplicate]
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questionWhy can `root` run any command as any user without providing password?sudo no password breaks other sudo -u usesExecute shell script from php, as root user?How do I get simple scripts which seem to need root priveliges to run via the www-data user?Is it safe to disable password for a user, if it only uses SSH key login?Use current user environment variable in sudoers fileParallels on Mac - can no longer sudo within UbuntuWhat does “ALL ALL=(ALL) ALL” mean in sudoers?Why do I still need to run shutdown as sudo after this?Checking sudoers without root?IPTABLES and sudoers file issue
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command.
For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
asked Mar 25 at 7:09
iBugiBug
1,0231032
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command.
For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
asked Mar 25 at 7:09
iBugiBug
1,0231032
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudoto run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudostill requires the config line forrootto be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot. What would you gain runningsudoas root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
add a comment |
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command.
For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
linux sudo root
asked Mar 25 at 7:09
iBugiBug
1,0231032
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
In /etc/sudoers, there is always:
root ALL=(ALL:ALL) ALL
However, the root user (with UID 0) doesn't need to enter password when they run sudo command.
For other users, a password is required unless their entry contains NOPASSWD or a previous authentication hasn't timed out:
user ALL=(ALL:ALL) NOPASSWD:ALL
^^^^^^^^
This question already has an answer here:
Why can `root` run any command as any user without providing password?
2 answers
linux sudo root
linux sudo root
asked Mar 25 at 7:09
iBugiBug
1,0231032
asked Mar 25 at 7:09
iBugiBug
1,0231032
edited Mar 25 at 7:14
iBug
asked Mar 25 at 7:09
iBugiBug
1,0231032
asked Mar 25 at 7:09
iBugiBug
1,0231032
asked Mar 25 at 7:09
iBugiBug
1,0231032
1,0231032
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by muru, roaima, msp9011, nwildner, Anthony Geoghegan Mar 25 at 15:01
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
This is a bit weird actually. Even though you'd usually usesudoto run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudostill requires the config line forrootto be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot. What would you gain runningsudoas root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
add a comment |
This is a bit weird actually. Even though you'd usually usesudoto run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudostill requires the config line forrootto be there. Without it, it tells even root to bugger off.
– ilkkachu
Mar 25 at 10:37
Cause it isroot. What would you gain runningsudoas root? "Beyond Root"? "Who watch the Watchmen?"
– nwildner
Mar 25 at 14:28
This is a bit weird actually. Even though you'd usually use
sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
This is a bit weird actually. Even though you'd usually use
sudo to run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them, sudo still requires the config line for root to be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
Cause it is
root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28
Cause it is
root. What would you gain running sudo as root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28
add a comment |
2 Answers
2
active
oldest
votes
sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.
answered Mar 25 at 7:24
PeschkePeschke
2,861927
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.
If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.
answered Mar 25 at 7:24
PeschkePeschke
2,861927
add a comment |
sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.
answered Mar 25 at 7:24
PeschkePeschke
2,861927
add a comment |
sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.
answered Mar 25 at 7:24
PeschkePeschke
2,861927
sudo allows users to execute commands as UID 0 (or other users) based on how it’s configured. There is no need to ask root for a password to run a command as UID 0, because it already is UID 0.
Furthermore, root can also su to anyone it’d like, so there’s no need to prompt for a password when executing sudo -u user as UID 0.
Note: I do believe there is a PAM setting that will even require root to provide a password for the target user when using su.
answered Mar 25 at 7:24
PeschkePeschke
2,861927
answered Mar 25 at 7:24
PeschkePeschke
2,861927
answered Mar 25 at 7:24
PeschkePeschke
2,861927
answered Mar 25 at 7:24
PeschkePeschke
2,861927
2,861927
add a comment |
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.
If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.
If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
add a comment |
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.
If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
While this is an interesting inconsistency. It would be pointless in stopping root, as root has capabilities CAP_SETUID and CAP_SETGID, so does not need sudo. It can do what ever it want.
If sudo is checking root, and not these capabilities, then there may be a latent-bug: root with no capabilities could escalate (I don't know I have not looked at the code, or tested).
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
answered Mar 25 at 8:10
ctrl-alt-delorctrl-alt-delor
12.5k52663
12.5k52663
add a comment |
add a comment |
This is a bit weird actually. Even though you'd usually use
sudoto run commands as UID 0, and root is already UID 0 and there's nothing to gain by stopping them,sudostill requires the config line forrootto be there. Without it, it tells even root to bugger off.– ilkkachu
Mar 25 at 10:37
Cause it is
root. What would you gain runningsudoas root? "Beyond Root"? "Who watch the Watchmen?"– nwildner
Mar 25 at 14:28