[sudo-users] Root sudo privileges

john william jwk1986 at yahoo.com
Mon Feb 22 20:04:33 MST 2016


I am trying to find info on why root is include by default in /etc/sudoers?  Why does root need ALL privileges when the root account itself has unrestricted privileges.

For the root_sudo option description: If set, root is allowed to run sudo too. Disabling this prevents users from “chaining” sudo commands to get a root shell by doing something like “sudo sudo /bin/sh”. Note, however, that turning off root_sudo will also prevent root from running sudoedit. Disabling root_sudo provides no real additional security; it exists purely for historical reasons. This flag is on by default.

How does preventing users from “chaining” sudo commands not provide additional security when it potentially prevents users from getting a root shell or executing other commands?
The root account can use su -l <user> - c <command> vs using sudo.

Thanks in advance

More information about the sudo-users mailing list