How to switch users and sudo access
Learning Linux - Section 5.6
This section explores the sudo command and how to switch users on the command line.
Only basic commands are used, which are available in any Linux distribution and Unix-based system.
Commands covered
- su - username
- sudo <command>
- visudo
Relevant file
- /etc/sudoers
Routine commands to run after logging into a VM
Since a virtual machine is used for all the sections and exercises, one should make sure that the following values are what they should be.
whoami: Which user am I?
~ $ whoami
tklein
~ $
pwd: What is my current absolute path?
~ $ pwd
/home/tklein
~ $
hostname: On which host am I currently?
~ $ hostname
localhost.localdomain
~ $
su and sudo
Command: su - username
One enters the ‘username’ of the account one wants to become. If left blank,
it defaults to root.
Becoming user root, and staying root until one decides to exit the root account,
is done as demonstrated below. One must have sufficient permissions to become root and must know the password of the
root user account.
~ $ su -
Password:
Last login: Sun Dec 26 23:05:13 CET 2021 on pts/0
root *
While root, one can switch to any other user without being prompted for that user’s password.
~ $ su -
Password:
Last login: Mon Dec 27 09:56:48 CET 2021 on pts/0
root * su - kate
[kate@localhost ~]$
Exiting the root account again is done by entering exit after one’s prompt.
root * exit
logout
~ $ whoami
tklein
~ $
Command: sudo <command>
The sudo command lets a user who cannot become root himself run commands
that usually only user root can run, if they are in group wheel, for example, or listed in the sudoers file.
Two commands that can only be run by root are dmidecode and fdisk -l, to run these one has to
~ $ dmidecode
# dmidecode 3.2
/sys/firmware/dmi/tables/smbios_entry_point: Permission denied
Scanning /dev/mem for entry point.
/dev/mem: Permission denied
~ $ fdisk -l
fdisk: cannot open /dev/sda: Permission denied
fdisk: cannot open /dev/mapper/centos-root: Permission denied
fdisk: cannot open /dev/mapper/centos-swap: Permission denied
~ $
One can add or change the permissions that a user has, for example to let them become root.
Members of group wheel are allowed to run any command in the shell by default. This
group is listed by default in the /etc/sudoers file, which is edited with visudo.
Example
The example comes from a file that can be accessed by running visudo with root privileges.
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
will ALL=(ALL) ALL # Only an example
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
usermod -aG
Adding account ‘tklein’ to group wheel
root * usermod -aG wheel tklein
root *
Verification
- Using id <username> one gets all the groups the user is a member of.
- grep "wheel" /etc/group will print a line from the /etc/group file, to verify the changes.
root * id tklein
uid=1000(tklein) gid=1000(tklein) groups=1000(tklein),10(wheel)
root * grep "wheel" /etc/group
wheel:x:10:tklein
root *
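The sudoers rules and the wheel membership shown above together decide who can run everything as root. As an added example (not part of the original tutorial), the shell function below lists those accounts from a sudoers file and a group file; the sample files are constructed, the group ops is hypothetical, and the matching is a simplified heuristic, not a full sudoers parser.

```shell
#!/bin/sh
# audit_sudoers SUDOERS_FILE GROUP_FILE
# Prints "<user> <direct|%group> <PASSWD|NOPASSWD>" for every active rule of
# the form "<who> ALL=(...) [NOPASSWD:] ALL". Aliases, include directives and
# users whose *primary* group is the listed group are not resolved.
audit_sudoers() {
    awk '
    NR == FNR {                          # first file: group database
        split($0, g, ":")                # name:password:gid:member,member
        members[g[1]] = g[4]
        next
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comment lines and blank lines
    {
        sub(/[ \t]*#.*$/, "")            # drop a trailing comment
        if ($2 !~ /^ALL=/ || $NF != "ALL") next   # not an all-commands rule
        auth = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
        if ($1 ~ /^%/) {                 # %group: expand to its members
            n = split(members[substr($1, 2)], m, ",")
            for (i = 1; i <= n; i++) print m[i], $1, auth
        } else {
            print $1, "direct", auth
        }
    }' "$2" "$1"
}

# Constructed sample input, modelled on the excerpt above plus one
# hypothetical NOPASSWD group (ops) to show how it is flagged.
sample_dir=$(mktemp -d)
cat > "$sample_dir/sudoers" <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
will    ALL=(ALL)       ALL # Only an example
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%ops    ALL=(ALL)       NOPASSWD: ALL
EOF
cat > "$sample_dir/group" <<'EOF'
wheel:x:10:tklein
ops:x:1005:kate
EOF

audit_sudoers "$sample_dir/sudoers" "$sample_dir/group"
```

On a live system, running sudo -l -U tklein as root shows what sudo itself resolves for that user, and visudo -c checks the sudoers syntax.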
Retrying dmidecode and fdisk commands
Earlier, neither dmidecode nor fdisk -l could be run from my user account tklein.
Now that tklein is a member of group wheel, dmidecode can be run with sudo:
dmidecode
[will@localhost ~]$ su - tklein
Password:
Last login: Mon Dec 27 15:20:49 CET 2021 on pts/1
~ $ whoami
tklein
~ $ sudo dmidecode
[sudo] password for tklein:
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.5 present.
10 structures occupying 450 bytes.
Table at 0x3EFFD020.
Handle 0x0000, DMI type 0, 20 bytes
BIOS Information
Vendor: innotek GmbH
Version: VirtualBox
Release Date: 12/01/2006
Address: 0xE0000
Runtime Size: 128 kB
ROM Size: 128 kB
Characteristics:
ISA is supported
PCI is supported
Boot from CD is supported
Selectable boot is supported
8042 keyboard services are supported (int 9h)
CGA/mono video services are supported (int 10h)
ACPI is supported
UEFI is supported
Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: innotek GmbH
Product Name: VirtualBox
Version: 1.2
Serial Number: 0
UUID: 008f59e3-ffb4-5947-aaba-763e1257b612
Wake-up Type: Power Switch
SKU Number: Not Specified
Family: Virtual Machine
Handle 0x0008, DMI type 2, 15 bytes
...
The fdisk -l command:
~ $ sudo fdisk -l
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
Disk /dev/sda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt
Disk identifier: 8C3022AF-D83D-4714-A904-26629F38B595
# Start End Size Type Name
1 2048 411647 200M EFI System EFI System Partition
2 411648 2508799 1G Microsoft basic
3 2508800 20969471 8.8G Linux LVM
Disk /dev/mapper/centos-root: 8376 MB, 8376025088 bytes, 16359424 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-swap: 1073 MB, 1073741824 bytes, 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
~ $