Given that root has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers? [duplicate]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












29
















This question already has an answer here:



  • Why does the root user need sudo permission?

    3 answers



I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems? 



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.






sudo root







share|improve this question















marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17
















29
















This question already has an answer here:



  • Why does the root user need sudo permission?

    3 answers



I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems? 



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.






sudo root







share|improve this question















marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17














29












29








29


3







This question already has an answer here:



  • Why does the root user need sudo permission?

    3 answers



I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems? 



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.






sudo root







share|improve this question

















This question already has an answer here:



  • Why does the root user need sudo permission?

    3 answers



I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems? 



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.





This question already has an answer here:



  • Why does the root user need sudo permission?

    3 answers






sudo root




sudo root






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 18 at 1:20









Jeff Schaller

40.8k1056129




40.8k1056129










asked Jan 17 at 14:01









Bruce XieBruce Xie

15115




15115




marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17


















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17

















People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

– oemb1905
Jan 18 at 6:14





People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

– oemb1905
Jan 18 at 6:14




1




1





And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

– oemb1905
Jan 18 at 6:17






And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

– oemb1905
Jan 18 at 6:17











1 Answer
1






active

oldest

votes


















45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer

























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer

























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41















45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer

























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41













45












45








45







That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer















That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 17 at 15:12

























answered Jan 17 at 14:06









Stephen KittStephen Kitt

170k24382458




170k24382458












  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41

















  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41
















looks like that, I got it, thank you!

– Bruce Xie
Jan 17 at 15:18





looks like that, I got it, thank you!

– Bruce Xie
Jan 17 at 15:18




10




10





It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

– eckes
Jan 17 at 16:42





It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

– eckes
Jan 17 at 16:42




5




5





@eckes indeed; and root can do that using a variety of tools, without a password (su for example).

– Stephen Kitt
Jan 17 at 16:45





@eckes indeed; and root can do that using a variety of tools, without a password (su for example).

– Stephen Kitt
Jan 17 at 16:45




5




5





@StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

– Austin Hemmelgarn
Jan 17 at 18:41





@StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

– Austin Hemmelgarn
Jan 17 at 18:41


-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Bahrain

Image
For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
Read more

Postfix configuration issue with fips on centos 7; mailgun relay

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
Read more