Trying to understand the difference between “modernNeo ALL=(ALL:ALL) ALL” and “modernNeo ALL=(ALL)...
In the sudoers file, you can have either of the following lines
modernNeo ALL=(ALL:ALL) ALL
modernNeo ALL=(ALL) ALL
I looked at the following answers on here to understand this
- https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands/340669#340669
- https://askubuntu.com/questions/546219/what-is-the-difference-between-root-all-allall-all-and-root-all-all-all/546228#546228
- This post on Ubuntu Forums
- https://unix.stackexchange.com/a/201866
Question 1
If I understand correctly from those above answers, (ALL:ALL) means that you can run the command as any user and any group and that (ALL) means that you can run the command as any user but your group remains the same [it remains your own group] regardless of the user you become when you use sudo with ALL for the third entry?
Question 2
But with (ALL:ALL)
- If you can run it as any group, how does sudo decide what group you run the command as if you don't specify it on the commandline using
-g? - does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
- Where does it get the list of groups from and what is the order of the groups on that list?
- Or does it just revert to using
rootfor user and/or group when your preference for what user and/or group you want to become isn't specified? If that is the case, why do(ALL:ALL)when you can do(root:root)?
Question 3
Furthermore, in this Ubuntu Forums post, with regards to the following lines
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
They say that
Users in the admin group may become root. Users in the sudo group can only use the sudo command.
For instance, they could notsudo su(ALL:ALL)refers to(user:group)thatsudowill use. It can be specified with-uand-gwhen you runsudo. If you don't specify anything it will run asroot:root, which is the default. That's how most end up using it anyway.
That confuses me; they are stating that if you can take on any group when running a command, then you are unable to become root?
permissions sudo
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
add a comment |
In the sudoers file, you can have either of the following lines
modernNeo ALL=(ALL:ALL) ALL
modernNeo ALL=(ALL) ALL
I looked at the following answers on here to understand this
- https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands/340669#340669
- https://askubuntu.com/questions/546219/what-is-the-difference-between-root-all-allall-all-and-root-all-all-all/546228#546228
- This post on Ubuntu Forums
- https://unix.stackexchange.com/a/201866
Question 1
If I understand correctly from those above answers, (ALL:ALL) means that you can run the command as any user and any group and that (ALL) means that you can run the command as any user but your group remains the same [it remains your own group] regardless of the user you become when you use sudo with ALL for the third entry?
Question 2
But with (ALL:ALL)
- If you can run it as any group, how does sudo decide what group you run the command as if you don't specify it on the commandline using
-g? - does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
- Where does it get the list of groups from and what is the order of the groups on that list?
- Or does it just revert to using
rootfor user and/or group when your preference for what user and/or group you want to become isn't specified? If that is the case, why do(ALL:ALL)when you can do(root:root)?
Question 3
Furthermore, in this Ubuntu Forums post, with regards to the following lines
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
They say that
Users in the admin group may become root. Users in the sudo group can only use the sudo command.
For instance, they could notsudo su(ALL:ALL)refers to(user:group)thatsudowill use. It can be specified with-uand-gwhen you runsudo. If you don't specify anything it will run asroot:root, which is the default. That's how most end up using it anyway.
That confuses me; they are stating that if you can take on any group when running a command, then you are unable to become root?
permissions sudo
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
add a comment |
In the sudoers file, you can have either of the following lines
modernNeo ALL=(ALL:ALL) ALL
modernNeo ALL=(ALL) ALL
I looked at the following answers on here to understand this
- https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands/340669#340669
- https://askubuntu.com/questions/546219/what-is-the-difference-between-root-all-allall-all-and-root-all-all-all/546228#546228
- This post on Ubuntu Forums
- https://unix.stackexchange.com/a/201866
Question 1
If I understand correctly from those above answers, (ALL:ALL) means that you can run the command as any user and any group and that (ALL) means that you can run the command as any user but your group remains the same [it remains your own group] regardless of the user you become when you use sudo with ALL for the third entry?
Question 2
But with (ALL:ALL)
- If you can run it as any group, how does sudo decide what group you run the command as if you don't specify it on the commandline using
-g? - does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
- Where does it get the list of groups from and what is the order of the groups on that list?
- Or does it just revert to using
rootfor user and/or group when your preference for what user and/or group you want to become isn't specified? If that is the case, why do(ALL:ALL)when you can do(root:root)?
Question 3
Furthermore, in this Ubuntu Forums post, with regards to the following lines
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
They say that
Users in the admin group may become root. Users in the sudo group can only use the sudo command.
For instance, they could notsudo su(ALL:ALL)refers to(user:group)thatsudowill use. It can be specified with-uand-gwhen you runsudo. If you don't specify anything it will run asroot:root, which is the default. That's how most end up using it anyway.
That confuses me; they are stating that if you can take on any group when running a command, then you are unable to become root?
permissions sudo
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
In the sudoers file, you can have either of the following lines
modernNeo ALL=(ALL:ALL) ALL
modernNeo ALL=(ALL) ALL
I looked at the following answers on here to understand this
- https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands/340669#340669
- https://askubuntu.com/questions/546219/what-is-the-difference-between-root-all-allall-all-and-root-all-all-all/546228#546228
- This post on Ubuntu Forums
- https://unix.stackexchange.com/a/201866
Question 1
If I understand correctly from those above answers, (ALL:ALL) means that you can run the command as any user and any group and that (ALL) means that you can run the command as any user but your group remains the same [it remains your own group] regardless of the user you become when you use sudo with ALL for the third entry?
Question 2
But with (ALL:ALL)
- If you can run it as any group, how does sudo decide what group you run the command as if you don't specify it on the commandline using
-g? - does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
- Where does it get the list of groups from and what is the order of the groups on that list?
- Or does it just revert to using
rootfor user and/or group when your preference for what user and/or group you want to become isn't specified? If that is the case, why do(ALL:ALL)when you can do(root:root)?
Question 3
Furthermore, in this Ubuntu Forums post, with regards to the following lines
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
They say that
Users in the admin group may become root. Users in the sudo group can only use the sudo command.
For instance, they could notsudo su(ALL:ALL)refers to(user:group)thatsudowill use. It can be specified with-uand-gwhen you runsudo. If you don't specify anything it will run asroot:root, which is the default. That's how most end up using it anyway.
That confuses me; they are stating that if you can take on any group when running a command, then you are unable to become root?
permissions sudo
permissions sudo
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
edited Dec 30 '18 at 17:39
Jeff Schaller
39k1053125
39k1053125
asked Dec 25 '18 at 3:01
modernNeo
283
asked Dec 25 '18 at 3:01
modernNeo
283
asked Dec 25 '18 at 3:01
modernNeo
283
283
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
A line like:
smith ALL=(ALL) ALL
Will allow the user smith to use sudo to run at any computer (first ALL), as any user (the second ALL, the one inside parenthesis) any command (the last ALL). This command will be allowed by sudo:
smith@site ~ $ sudo -u root -g root bash
But this won't:
smith@site ~ $ sudo -u root -g smith bash
As the permissions for ANY group have not been declared.
This, however:
smith ALL=(ALL:ALL) ALL
Will allow this command to be executed (assuming user tom and group sawyer exist):
smith@site ~ $ sudo -u tom -g sawyer bash
tom@site ~ $ id
uid=1023(tom) gid=1087(sawyer) groups=1047(tom),1092(sawyer)
Having said that:
Q1
(ALL:ALL) means that you can run the command as any user and any group
Yes
(ALL) means that you can run the command as any user
Yes
but your group remains the same [it remains your own group]
No, the only group allowed is root.
Q2
how does sudo decide what group you run the command as if you don't specify it on the commandline using -g?
It defaults to root
does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
No.
Where does it get the list of groups from and what is the order of the groups on that list?
There is no list to use, no group to search, it simply falls to default root when *:ALL is used, or to the named group if *:group is used.
Simple rules, simple actions.
Or does it just revert to using root for user and/or group when your preference for what user and/or group you want to become isn't specified?
Yes.
If that is the case, why do (ALL:ALL) when you can do (root:root) ?
Because with (ALL:ALL) you can do:
sudo -u tom -g sawyer id
But with (root:root) you can only do:
sudo -u root -g root id
Nothing else (user and group wise).
Q3
For these lines:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Users in the admin group may become root.
Yes, users in the group(%) admin could become ANY user (including root) (because of the (ALL)) but only the root group.
Users in the sudo group can only use the sudo command.
That is incorrect. The users in the sudo group could execute any command (the last ALL).
Users in the group(%) sudo could become any user (the (ALL:) part)
and
any group (the (:ANY) part)
AND
may execute any command (the last ALL) (not only sudo, which is specifically incorrect).
For instance, they could not sudo su
No, they could do sudo su or sudo ls or sudo anycommand.
(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo.
They are correct here. The command sudo -u tom -g sawyer ls is correct and valid.
If you don't specify anything it will run as root:root, which is the default.
And are correct here as well. The command sudo ls will be executed with root:root permissions.
That's how most end up using it anyway.
Correct, the most used sudo command doesn't specify either a user or group.
So, it is the "most used, anyway" (default root:root).
That confuses me... they are stating that if you can take on any group when running a command,
Yes, they state that with (ALL:ALL) sudo could take any user or group.
But:
then you are unable to become root?
No, that is not what they said.
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f490835%2ftrying-to-understand-the-difference-between-modernneo-all-allall-all-and-m%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
A line like:
smith ALL=(ALL) ALL
Will allow the user smith to use sudo to run at any computer (first ALL), as any user (the second ALL, the one inside parenthesis) any command (the last ALL). This command will be allowed by sudo:
smith@site ~ $ sudo -u root -g root bash
But this won't:
smith@site ~ $ sudo -u root -g smith bash
As the permissions for ANY group have not been declared.
This, however:
smith ALL=(ALL:ALL) ALL
Will allow this command to be executed (assuming user tom and group sawyer exist):
smith@site ~ $ sudo -u tom -g sawyer bash
tom@site ~ $ id
uid=1023(tom) gid=1087(sawyer) groups=1047(tom),1092(sawyer)
Having said that:
Q1
(ALL:ALL) means that you can run the command as any user and any group
Yes
(ALL) means that you can run the command as any user
Yes
but your group remains the same [it remains your own group]
No, the only group allowed is root.
Q2
how does sudo decide what group you run the command as if you don't specify it on the commandline using -g?
It defaults to root
does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
No.
Where does it get the list of groups from and what is the order of the groups on that list?
There is no list to use, no group to search, it simply falls to default root when *:ALL is used, or to the named group if *:group is used.
Simple rules, simple actions.
Or does it just revert to using root for user and/or group when your preference for what user and/or group you want to become isn't specified?
Yes.
If that is the case, why do (ALL:ALL) when you can do (root:root) ?
Because with (ALL:ALL) you can do:
sudo -u tom -g sawyer id
But with (root:root) you can only do:
sudo -u root -g root id
Nothing else (user and group wise).
Q3
For these lines:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Users in the admin group may become root.
Yes, users in the group(%) admin could become ANY user (including root) (because of the (ALL)) but only the root group.
Users in the sudo group can only use the sudo command.
That is incorrect. The users in the sudo group could execute any command (the last ALL).
Users in the group(%) sudo could become any user (the (ALL:) part)
and
any group (the (:ANY) part)
AND
may execute any command (the last ALL) (not only sudo, which is specifically incorrect).
For instance, they could not sudo su
No, they could do sudo su or sudo ls or sudo anycommand.
(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo.
They are correct here. The command sudo -u tom -g sawyer ls is correct and valid.
If you don't specify anything it will run as root:root, which is the default.
And are correct here as well. The command sudo ls will be executed with root:root permissions.
That's how most end up using it anyway.
Correct, the most used sudo command doesn't specify either a user or group.
So, it is the "most used, anyway" (default root:root).
That confuses me... they are stating that if you can take on any group when running a command,
Yes, they state that with (ALL:ALL) sudo could take any user or group.
But:
then you are unable to become root?
No, that is not what they said.
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
add a comment |
A line like:
smith ALL=(ALL) ALL
Will allow the user smith to use sudo to run at any computer (first ALL), as any user (the second ALL, the one inside parenthesis) any command (the last ALL). This command will be allowed by sudo:
smith@site ~ $ sudo -u root -g root bash
But this won't:
smith@site ~ $ sudo -u root -g smith bash
As the permissions for ANY group have not been declared.
This, however:
smith ALL=(ALL:ALL) ALL
Will allow this command to be executed (assuming user tom and group sawyer exist):
smith@site ~ $ sudo -u tom -g sawyer bash
tom@site ~ $ id
uid=1023(tom) gid=1087(sawyer) groups=1047(tom),1092(sawyer)
Having said that:
Q1
(ALL:ALL) means that you can run the command as any user and any group
Yes
(ALL) means that you can run the command as any user
Yes
but your group remains the same [it remains your own group]
No, the only group allowed is root.
Q2
how does sudo decide what group you run the command as if you don't specify it on the commandline using -g?
It defaults to root
does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
No.
Where does it get the list of groups from and what is the order of the groups on that list?
There is no list to use, no group to search, it simply falls to default root when *:ALL is used, or to the named group if *:group is used.
Simple rules, simple actions.
Or does it just revert to using root for user and/or group when your preference for what user and/or group you want to become isn't specified?
Yes.
If that is the case, why do (ALL:ALL) when you can do (root:root) ?
Because with (ALL:ALL) you can do:
sudo -u tom -g sawyer id
But with (root:root) you can only do:
sudo -u root -g root id
Nothing else (user and group wise).
Q3
For these lines:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Users in the admin group may become root.
Yes, users in the group(%) admin could become ANY user (including root) (because of the (ALL)) but only the root group.
Users in the sudo group can only use the sudo command.
That is incorrect. The users in the sudo group could execute any command (the last ALL).
Users in the group(%) sudo could become any user (the (ALL:) part)
and
any group (the (:ANY) part)
AND
may execute any command (the last ALL) (not only sudo, which is specifically incorrect).
For instance, they could not sudo su
No, they could do sudo su or sudo ls or sudo anycommand.
(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo.
They are correct here. The command sudo -u tom -g sawyer ls is correct and valid.
If you don't specify anything it will run as root:root, which is the default.
And are correct here as well. The command sudo ls will be executed with root:root permissions.
That's how most end up using it anyway.
Correct, the most used sudo command doesn't specify either a user or group.
So, it is the "most used, anyway" (default root:root).
That confuses me... they are stating that if you can take on any group when running a command,
Yes, they state that with (ALL:ALL) sudo could take any user or group.
But:
then you are unable to become root?
No, that is not what they said.
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
add a comment |
A line like:
smith ALL=(ALL) ALL
Will allow the user smith to use sudo to run at any computer (first ALL), as any user (the second ALL, the one inside parenthesis) any command (the last ALL). This command will be allowed by sudo:
smith@site ~ $ sudo -u root -g root bash
But this won't:
smith@site ~ $ sudo -u root -g smith bash
As the permissions for ANY group have not been declared.
This, however:
smith ALL=(ALL:ALL) ALL
Will allow this command to be executed (assuming user tom and group sawyer exist):
smith@site ~ $ sudo -u tom -g sawyer bash
tom@site ~ $ id
uid=1023(tom) gid=1087(sawyer) groups=1047(tom),1092(sawyer)
Having said that:
Q1
(ALL:ALL) means that you can run the command as any user and any group
Yes
(ALL) means that you can run the command as any user
Yes
but your group remains the same [it remains your own group]
No, the only group allowed is root.
Q2
how does sudo decide what group you run the command as if you don't specify it on the commandline using -g?
It defaults to root
does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
No.
Where does it get the list of groups from and what is the order of the groups on that list?
There is no list to use, no group to search, it simply falls to default root when *:ALL is used, or to the named group if *:group is used.
Simple rules, simple actions.
Or does it just revert to using root for user and/or group when your preference for what user and/or group you want to become isn't specified?
Yes.
If that is the case, why do (ALL:ALL) when you can do (root:root) ?
Because with (ALL:ALL) you can do:
sudo -u tom -g sawyer id
But with (root:root) you can only do:
sudo -u root -g root id
Nothing else (user and group wise).
Q3
For these lines:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Users in the admin group may become root.
Yes, users in the group(%) admin could become ANY user (including root) (because of the (ALL)) but only the root group.
Users in the sudo group can only use the sudo command.
That is incorrect. The users in the sudo group could execute any command (the last ALL).
Users in the group(%) sudo could become any user (the (ALL:) part)
and
any group (the (:ANY) part)
AND
may execute any command (the last ALL) (not only sudo, which is specifically incorrect).
For instance, they could not sudo su
No, they could do sudo su or sudo ls or sudo anycommand.
(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo.
They are correct here. The command sudo -u tom -g sawyer ls is correct and valid.
If you don't specify anything it will run as root:root, which is the default.
And are correct here as well. The command sudo ls will be executed with root:root permissions.
That's how most end up using it anyway.
Correct, the most used sudo command doesn't specify either a user or group.
So, it is the "most used, anyway" (default root:root).
That confuses me... they are stating that if you can take on any group when running a command,
Yes, they state that with (ALL:ALL) sudo could take any user or group.
But:
then you are unable to become root?
No, that is not what they said.
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
A line like:
smith ALL=(ALL) ALL
Will allow the user smith to use sudo to run at any computer (first ALL), as any user (the second ALL, the one inside parenthesis) any command (the last ALL). This command will be allowed by sudo:
smith@site ~ $ sudo -u root -g root bash
But this won't:
smith@site ~ $ sudo -u root -g smith bash
As the permissions for ANY group have not been declared.
This, however:
smith ALL=(ALL:ALL) ALL
Will allow this command to be executed (assuming user tom and group sawyer exist):
smith@site ~ $ sudo -u tom -g sawyer bash
tom@site ~ $ id
uid=1023(tom) gid=1087(sawyer) groups=1047(tom),1092(sawyer)
Having said that:
Q1
(ALL:ALL) means that you can run the command as any user and any group
Yes
(ALL) means that you can run the command as any user
Yes
but your group remains the same [it remains your own group]
No, the only group allowed is root.
Q2
how does sudo decide what group you run the command as if you don't specify it on the commandline using -g?
It defaults to root
does it first try to run it as your own group and then go through a list of all the groups on your machine before finding the group that allows you to run the command?
No.
Where does it get the list of groups from and what is the order of the groups on that list?
There is no list to use, no group to search, it simply falls to default root when *:ALL is used, or to the named group if *:group is used.
Simple rules, simple actions.
Or does it just revert to using root for user and/or group when your preference for what user and/or group you want to become isn't specified?
Yes.
If that is the case, why do (ALL:ALL) when you can do (root:root) ?
Because with (ALL:ALL) you can do:
sudo -u tom -g sawyer id
But with (root:root) you can only do:
sudo -u root -g root id
Nothing else (user and group wise).
Q3
For these lines:
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Users in the admin group may become root.
Yes, users in the group(%) admin could become ANY user (including root) (because of the (ALL)) but only the root group.
Users in the sudo group can only use the sudo command.
That is incorrect. The users in the sudo group could execute any command (the last ALL).
Users in the group(%) sudo could become any user (the (ALL:) part)
and
any group (the (:ANY) part)
AND
may execute any command (the last ALL) (not only sudo, which is specifically incorrect).
For instance, they could not sudo su
No, they could do sudo su or sudo ls or sudo anycommand.
(ALL:ALL) refers to (user:group) that sudo will use. It can be specified with -u and -g when you run sudo.
They are correct here. The command sudo -u tom -g sawyer ls is correct and valid.
If you don't specify anything it will run as root:root, which is the default.
And are correct here as well. The command sudo ls will be executed with root:root permissions.
That's how most end up using it anyway.
Correct, the most used sudo command doesn't specify either a user or group.
So, it is the "most used, anyway" (default root:root).
That confuses me... they are stating that if you can take on any group when running a command,
Yes, they state that with (ALL:ALL) sudo could take any user or group.
But:
then you are unable to become root?
No, that is not what they said.
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
edited Dec 30 '18 at 17:38
Jeff Schaller
39k1053125
39k1053125
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
answered Dec 25 '18 at 5:34
Isaac
11.4k11650
11.4k11650
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
add a comment |
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
Thanks! that clears alot of questions for me. but with regards to "No, they are not saying that. But if they were: that would have been incorrect." What were they trying to say with what I quoted from their answer, do you know?
– modernNeo
Dec 25 '18 at 7:30
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
@modernNeo Maybe is clearer now.
– Isaac
Dec 25 '18 at 7:46
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f490835%2ftrying-to-understand-the-difference-between-modernneo-all-allall-all-and-m%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
