LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-03-2009, 02:31 PM   #1
armandino
Member
 
Registered: Oct 2005
Posts: 72

Rep: Reputation: 15
Sudoers - root question


What is the need of the lines:

Code:
## Allow root to run any commands anywhere
root ALL = (ALL) ALL
in the /etc/sudoers file??

Doesn't root have ANYWAY full powers on the system?
 
Old 03-03-2009, 08:01 PM   #2
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Try using visudo to edit sudoers and remove that line.

I bet sudo would then block root. So, `sudo ls -l` by root would fail; whereas, obviously, `ls -l` directly by root would work just fine. You can repair the "damage" by doing `vi /etc/sudoers`. vi just won't syntax check for you when you are done, and you could break things if you mess up.

On my Mac OS X system, that same line appears with %admin. So, an admin user can do anything with sudo.

Full disclosure: I haven't tried it, and don't want to mess with my servers. But it seems perfectly logical.
 
Old 03-04-2009, 12:08 AM   #3
armandino
Member
 
Registered: Oct 2005
Posts: 72

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by choogendyk View Post
...I bet sudo would then block root. So, `sudo ls -l` by root would fail... it seems perfectly logical.
Thanks for the answer. That seems logical to me as well and I'll check out just to be sure.

Anyway, my central doubt remains:

Why should root bother issuing he command 'sudo ls -l' instead of plain 'ls -l'?

Last edited by armandino; 03-04-2009 at 12:09 AM.
 
Old 03-04-2009, 01:36 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,641

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
When his fingers are used to typing sudo first.
 
Old 03-05-2009, 06:57 AM   #5
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Having root `sudo ls -l` was just an example.

I think that as a matter of principle, sudoer is set up to not deny access to root. But, as a matter of flexibility, it is done in the configuration of the sudoers file. I would guess that makes the coding more straightforward as well, since there wouldn't be any exceptions for root that have to be coded in throughout the code.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
basic sudoers question... aquaboot Ubuntu 1 04-25-2007 12:15 AM
A question about the sudoers file... hkl8324 Linux - Newbie 1 01-29-2006 06:08 AM
sudoers question clickster Linux - Security 1 11-24-2005 04:47 AM
I deleted /etc/sudoers and creates a new file call sudoers but now it doesnt for visu abefroman Linux - Software 1 11-10-2005 05:03 PM
sudoers usa1234 Linux - General 1 10-24-2004 03:07 PM


All times are GMT -5. The time now is 07:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration