31

I looked at this question: Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL) ALL” in the sudoers file

I still have a question. Since the "root" user has all privileges, why is root ALL=(ALL) ALL in /etc/sudoers on Linux systems?

## Allow root to run any commands anywhere
root ALL=(ALL) ALL

I tried to comment it out, and the root user still had all privileges, it doesn't affect the root user at all. It looks like root ALL=(ALL) ALL is useless.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Willis
  • 449
  • 4
  • 8
  • People should remember that sudo is a package. You can actually still install Debian without sudo, and add it later by sudo apt install sudo ... naturally, if sudo is going to wrap around root for non-super users, it would need to define root in its configuration, along with the other users that contain the same privilege. – oemb1905 Jan 18 '19 at 06:14
  • 1
    And ... on freeBSD, the default installation does not even contain sudo. Sudo stands for "su" and "do" commands, or switch user and to do ... it was added early on to stop harm that could happen from always being the root user, as I understand it. But it is not required at all ... fyi – oemb1905 Jan 18 '19 at 06:17

1 Answers1

45

That entry ensures that root can run sudo. If you comment it out,

sudo ls

run as root will fail.

It’s a convenience: it means users can run sudo commands without thinking about things too much, i.e. they’ll work the same way whether they’re running as a sudo-enabled user or root (whether that’s a good idea is another question). It also means that scripts can use sudo to request root privileges, and still work without issue when they’re run as root directly.

Stephen Kitt
  • 434,908
  • 11
    It also allows root to become another user which is handy if you need to debug something or want to run something with limited privileges. – eckes Jan 17 '19 at 16:42
  • 6
    @eckes indeed; and root can do that using a variety of tools, without a password (su for example). – Stephen Kitt Jan 17 '19 at 16:45
  • 6
    @StephenKitt sudo also sanitizes the environment when you switch users with it, which is kind of important if you're debugging things. – Austin Hemmelgarn Jan 17 '19 at 18:41