What does “ALL ALL=(ALL) ALL” mean in sudoers?












8















If a server has the following in /etc/sudoers:



Defaults targetpw
ALL ALL=(ALL) ALL


Then what does this mean? all the users can sudo to all the commands, only their password is needed?










share|improve this question




















  • 5





    It means "security Nirvana", that's what it means. ;)

    – lcd047
    May 6 '15 at 20:51
















8















If a server has the following in /etc/sudoers:



Defaults targetpw
ALL ALL=(ALL) ALL


Then what does this mean? all the users can sudo to all the commands, only their password is needed?










share|improve this question




















  • 5





    It means "security Nirvana", that's what it means. ;)

    – lcd047
    May 6 '15 at 20:51














8












8








8


5






If a server has the following in /etc/sudoers:



Defaults targetpw
ALL ALL=(ALL) ALL


Then what does this mean? all the users can sudo to all the commands, only their password is needed?










share|improve this question
















If a server has the following in /etc/sudoers:



Defaults targetpw
ALL ALL=(ALL) ALL


Then what does this mean? all the users can sudo to all the commands, only their password is needed?







sudo






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 7 '15 at 16:37







LoukiosValentine79

















asked May 6 '15 at 19:29









LoukiosValentine79LoukiosValentine79

4292931




4292931








  • 5





    It means "security Nirvana", that's what it means. ;)

    – lcd047
    May 6 '15 at 20:51














  • 5





    It means "security Nirvana", that's what it means. ;)

    – lcd047
    May 6 '15 at 20:51








5




5





It means "security Nirvana", that's what it means. ;)

– lcd047
May 6 '15 at 20:51





It means "security Nirvana", that's what it means. ;)

– lcd047
May 6 '15 at 20:51










2 Answers
2






active

oldest

votes


















7














From the sudoers(5) man page:




The sudoers policy plugin determines a user's sudo privileges.




For the targetpw:




sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file.




sudo(8) allows you to execute commands as someone else



So, basically it says that any user can run any command on any host as any user and yes, the user just has to authenticate, but with the password of the other user, in order to run anything.



The first ALL is the users allowed
The second one is the hosts
The third one is the user as you are running the command
The last one is the commands allowed





share|improve this answer


























  • Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

    – LoukiosValentine79
    May 7 '15 at 16:37











  • @LoukiosValentine79 I just update the answer, does that answer your question?

    – poz2k4444
    May 7 '15 at 18:24











  • wait he has to enter his own password not of the other user right?

    – evan54
    Feb 28 '16 at 20:24











  • with targetpw the one of the other (target) user

    – x-yuri
    May 19 '17 at 12:20



















0














@poz2k4444
if the second ALL stands for hosts, then why I can't use sudo like this:
enter image description hereenter image description here





share








New contributor




Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201858%2fwhat-does-all-all-all-all-mean-in-sudoers%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7














    From the sudoers(5) man page:




    The sudoers policy plugin determines a user's sudo privileges.




    For the targetpw:




    sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file.




    sudo(8) allows you to execute commands as someone else



    So, basically it says that any user can run any command on any host as any user and yes, the user just has to authenticate, but with the password of the other user, in order to run anything.



    The first ALL is the users allowed
    The second one is the hosts
    The third one is the user as you are running the command
    The last one is the commands allowed





    share|improve this answer


























    • Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

      – LoukiosValentine79
      May 7 '15 at 16:37











    • @LoukiosValentine79 I just update the answer, does that answer your question?

      – poz2k4444
      May 7 '15 at 18:24











    • wait he has to enter his own password not of the other user right?

      – evan54
      Feb 28 '16 at 20:24











    • with targetpw the one of the other (target) user

      – x-yuri
      May 19 '17 at 12:20
















    7














    From the sudoers(5) man page:




    The sudoers policy plugin determines a user's sudo privileges.




    For the targetpw:




    sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file.




    sudo(8) allows you to execute commands as someone else



    So, basically it says that any user can run any command on any host as any user and yes, the user just has to authenticate, but with the password of the other user, in order to run anything.



    The first ALL is the users allowed
    The second one is the hosts
    The third one is the user as you are running the command
    The last one is the commands allowed





    share|improve this answer


























    • Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

      – LoukiosValentine79
      May 7 '15 at 16:37











    • @LoukiosValentine79 I just update the answer, does that answer your question?

      – poz2k4444
      May 7 '15 at 18:24











    • wait he has to enter his own password not of the other user right?

      – evan54
      Feb 28 '16 at 20:24











    • with targetpw the one of the other (target) user

      – x-yuri
      May 19 '17 at 12:20














    7












    7








    7







    From the sudoers(5) man page:




    The sudoers policy plugin determines a user's sudo privileges.




    For the targetpw:




    sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file.




    sudo(8) allows you to execute commands as someone else



    So, basically it says that any user can run any command on any host as any user and yes, the user just has to authenticate, but with the password of the other user, in order to run anything.



    The first ALL is the users allowed
    The second one is the hosts
    The third one is the user as you are running the command
    The last one is the commands allowed





    share|improve this answer















    From the sudoers(5) man page:




    The sudoers policy plugin determines a user's sudo privileges.




    For the targetpw:




    sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file.




    sudo(8) allows you to execute commands as someone else



    So, basically it says that any user can run any command on any host as any user and yes, the user just has to authenticate, but with the password of the other user, in order to run anything.



    The first ALL is the users allowed
    The second one is the hosts
    The third one is the user as you are running the command
    The last one is the commands allowed






    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited May 7 '15 at 18:23

























    answered May 6 '15 at 20:19









    poz2k4444poz2k4444

    205111




    205111













    • Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

      – LoukiosValentine79
      May 7 '15 at 16:37











    • @LoukiosValentine79 I just update the answer, does that answer your question?

      – poz2k4444
      May 7 '15 at 18:24











    • wait he has to enter his own password not of the other user right?

      – evan54
      Feb 28 '16 at 20:24











    • with targetpw the one of the other (target) user

      – x-yuri
      May 19 '17 at 12:20



















    • Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

      – LoukiosValentine79
      May 7 '15 at 16:37











    • @LoukiosValentine79 I just update the answer, does that answer your question?

      – poz2k4444
      May 7 '15 at 18:24











    • wait he has to enter his own password not of the other user right?

      – evan54
      Feb 28 '16 at 20:24











    • with targetpw the one of the other (target) user

      – x-yuri
      May 19 '17 at 12:20

















    Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

    – LoukiosValentine79
    May 7 '15 at 16:37





    Thanks! In the meantime I found the "Defaults targetpw" entry in sudoers.. updated the Q

    – LoukiosValentine79
    May 7 '15 at 16:37













    @LoukiosValentine79 I just update the answer, does that answer your question?

    – poz2k4444
    May 7 '15 at 18:24





    @LoukiosValentine79 I just update the answer, does that answer your question?

    – poz2k4444
    May 7 '15 at 18:24













    wait he has to enter his own password not of the other user right?

    – evan54
    Feb 28 '16 at 20:24





    wait he has to enter his own password not of the other user right?

    – evan54
    Feb 28 '16 at 20:24













    with targetpw the one of the other (target) user

    – x-yuri
    May 19 '17 at 12:20





    with targetpw the one of the other (target) user

    – x-yuri
    May 19 '17 at 12:20













    0














    @poz2k4444
    if the second ALL stands for hosts, then why I can't use sudo like this:
    enter image description hereenter image description here





    share








    New contributor




    Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      0














      @poz2k4444
      if the second ALL stands for hosts, then why I can't use sudo like this:
      enter image description hereenter image description here





      share








      New contributor




      Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        0












        0








        0







        @poz2k4444
        if the second ALL stands for hosts, then why I can't use sudo like this:
        enter image description hereenter image description here





        share








        New contributor




        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        @poz2k4444
        if the second ALL stands for hosts, then why I can't use sudo like this:
        enter image description hereenter image description here






        share








        New contributor




        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        share


        share






        New contributor




        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered 9 mins ago









        Bruce XieBruce Xie

        1




        1




        New contributor




        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        Bruce Xie is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f201858%2fwhat-does-all-all-all-all-mean-in-sudoers%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            CARDNET

            Boot-repair Failure: Unable to locate package grub-common:i386

            濃尾地震