The password which sudo asks for is the invoking user's password. So a user can have superuser prilleges as long as it remembers its own password, which seem very easy for any user.
So does sudo restrict on which users can acquire superuser privileges in that way? If yes, how does it specify that a user can't acquire superuser privileges in that way? Thanks.
Yes, this behavior can be controlled in the file called /etc/sudoers on most linux systems. You can add any existing user to that file along with the permissions in specific format. You would need to have root user privileges in order to edit this file. For an example, I have configured my /etc/sudoers file to include that one specific user does not need to enter the password while gaining superuser privileges:
user ALL=(ALL) NOPASSWD: ALL
On some Linux flavors, there is a visudo command available which will open the same file for you to edit.
visudo is part of sudo and is available everywhere sudo is. sudo is also not Linux-specific.
/etc/sudoers, it will not be allowed to gain superuser access at all when using sudo. Precisely you will see this when a user not present in /etc/sudoers tries to gain access: dropbox.com/s/n558keoa7wb30p5/… and this is true for each and every command you run using sudo
/etc/sudoers file.
sudo does NOT automatically grant privs if the user password is correct.
It will always request the user password, THEN verify whether it is appropriate for the user to attain privileges (as per the /etc/sudoers file as edited by visudo by the root user). If the user fails to get privs, it is logged and if configured the administrator gets an email.
This method offers some type of security in that you cannot tell what privs the user has unless the user enters the proper account password.
Thus if the user is NOT in the sudoers file then unless the user has the root password and uses the su command, then the user cannot acquire superuser privs. There are ways to protect this type of access as well.
