我的/etc/sudoers
有内容:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
上面没有指定的规则NOPASSWD
。我想知道为什么用户root
似乎能够以任何用户身份执行任何命令而无需提供密码?
谢谢。
答案1
root 用户不需要对 sudo 进行身份验证,因此不需要输入密码即可以其他用户身份运行命令。
来自sudoers
联机帮助页:
User Authentication
The sudoers security policy requires that most users authenticate themselves
before they can use sudo. A password is not required if the invoking user is root,
if the target user is the same as the invoking user, or if the policy has disabled
authentication for the user or command. (...)
答案2
root
是Linux中的超级用户。默认root
拥有所有权限。您不必显式配置root
为sudoers
.
试想一下,如果没有这样的超级用户,您如何以及由谁来控制其他人的访问权限?