Given that root has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers? [duplicate]












29
















This question already has an answer here:




  • Why does the root user need sudo permission?

    3 answers




I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems?



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.










share|improve this question















marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17


















29
















This question already has an answer here:




  • Why does the root user need sudo permission?

    3 answers




I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems?



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.










share|improve this question















marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17
















29












29








29


3







This question already has an answer here:




  • Why does the root user need sudo permission?

    3 answers




I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems?



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.










share|improve this question

















This question already has an answer here:




  • Why does the root user need sudo permission?

    3 answers




I looked at this question:
Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file



I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems?



## Allow root to run any commands anywhere
root ALL=(ALL) ALL


I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.





This question already has an answer here:




  • Why does the root user need sudo permission?

    3 answers








sudo root






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 18 at 1:20









Jeff Schaller

41.2k1056131




41.2k1056131










asked Jan 17 at 14:01









Bruce XieBruce Xie

15115




15115




marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Jeff Schaller, Braiam, Stephen Kitt, Christopher, Wouter Verhelst Jan 18 at 16:31


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17





















  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

    – oemb1905
    Jan 18 at 6:14






  • 1





    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

    – oemb1905
    Jan 18 at 6:17



















People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

– oemb1905
Jan 18 at 6:14





People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege.

– oemb1905
Jan 18 at 6:14




1




1





And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

– oemb1905
Jan 18 at 6:17







And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi

– oemb1905
Jan 18 at 6:17












1 Answer
1






active

oldest

votes


















45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer


























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41


















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer


























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41
















45














That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer


























  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41














45












45








45







That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.






share|improve this answer















That entry ensures that root can run sudo. If you comment it out,



sudo ls


run as root will fail.



It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 17 at 15:12

























answered Jan 17 at 14:06









Stephen KittStephen Kitt

171k24386462




171k24386462













  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41



















  • looks like that, I got it, thank you!

    – Bruce Xie
    Jan 17 at 15:18






  • 10





    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

    – eckes
    Jan 17 at 16:42






  • 5





    @eckes indeed; and root can do that using a variety of tools, without a password (su for example).

    – Stephen Kitt
    Jan 17 at 16:45






  • 5





    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

    – Austin Hemmelgarn
    Jan 17 at 18:41

















looks like that, I got it, thank you!

– Bruce Xie
Jan 17 at 15:18





looks like that, I got it, thank you!

– Bruce Xie
Jan 17 at 15:18




10




10





It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

– eckes
Jan 17 at 16:42





It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges.

– eckes
Jan 17 at 16:42




5




5





@eckes indeed; and root can do that using a variety of tools, without a password (su for example).

– Stephen Kitt
Jan 17 at 16:45





@eckes indeed; and root can do that using a variety of tools, without a password (su for example).

– Stephen Kitt
Jan 17 at 16:45




5




5





@StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

– Austin Hemmelgarn
Jan 17 at 18:41





@StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things.

– Austin Hemmelgarn
Jan 17 at 18:41



Popular posts from this blog

Human spaceflight

Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

張江高科駅