Are you confused by the following command on a Unix system?

sudo su –

I recently overheard a discussion about how exactly this was working and what password to use. Let’s break it down and see just how simple it is. Firstly, we are running the command “sudo”. The sudo command allows “standard” (ie non-root) users to run a selection (or all) of commands as a different user. Typically, and by default, sudo is used to run commands as the root user.

In the above command we have asked sudo to run “su -” as root. So, when we press enter we are prompted for a password (assuming sudo has not already recently been used). What password is this asking for? The root password or your user password or some other password? Well it is asking, as normal, for your user password. This is to check that you are who you claim. Once you authenticate as yourself, sudo checks the sudoers file for your authorisation to run the specified command. So, it checks if you are allowed to run “su -“. If so, “su -” is executed as the root user.

Given that “su -” is being run as root, the su command does not ask for a password. This is the same as if you are a root user running “su -” or “su – username”.

I hope this helps explain why “sudo su -” gives you a root prompt without knowing the root password. Sudo can do this too, if called (and authorised) as “sudo -i” (-i for interactive).

Note too that the “-” after the “su” is asking “su” to reset your user environment to that of the user you are switching to rather than just changing the effective UID. From the su man page “The optional argument – may be used to provide an environment similar to what the user would expect had the user logged in directly.”

After hearing the debate, I once again realised how many people blindly run commands without actually understanding what they are running.

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>