Giving away root password to anyone

In [ ]:
In [ ]:
In [2]:
echo $USER

as login shell:

In [ ]:
su - # same as -l or --login

use different shell:

In [4]:
cat /etc/shells
In [5]:
whatis rbash
rbash (1)            - restricted bash, see bash(1)
In [ ]:
su -s /bin/sh # --shell
In [ ]:
su -l milad

Bash config aka startup files.

/etc/profile /etc/bash.bashrc

In [7]:
ls -A /etc/skel
.bash_logout  .bashrc  .profile

As a login shell

When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and exe‐cutes commands from the first one that exists and is readable.

~/.bash_profile > ~/.bash_login > ~/.profile

As an interactive shell

When an interactive shell that is not a login shell is started, bash reads and executes commands from /etc/bash.bashrc and ~/.bashrc, if these files exist.

/etc/bash.bashrc > ~/.bashrc

While closing a login shell

When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists.

And after all ~/.bashrc will sources ~/.bash_aliases if it exists.

In [11]:
grep -v '^#' ~/.profile

if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
	. "$HOME/.bashrc"



In [22]:
id -Gn
milad adm cdrom sudo dip plugdev lpadmin sambashare wireshark docker
In [25]:
grep milad /etc/group | cut -f1 -d: | tr '\n' ' '
adm cdrom sudo dip plugdev milad lpadmin sambashare wireshark docker 
In [28]:
id root -G; id root -Gn
In [26]:
cat /etc/sudoers
cat: /etc/sudoers: Permission denied

In [ ]:
sudo cat /etc/sudoers
# Resets the terminal environment after switching to root. So, ie: all user set variables are removed
# commands to be executed with a new, minimal environment.
Defaults        env_reset

# Send mail to the mailto user if the user running sudo does not enter the correct password.
Defaults        mail_badpass

Defaults        insults

# User privilege specification
# lets root do everything on any machine as any user.
root     ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
# Anybody in the admin group run anything as any user
%admin   ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo    ALL=(ALL:ALL) ALL

Who can run what as who

who host=(user:group) options:commands

<user list> <host list> = (<operator list>) <tag list>: <command list>

  • host: sharing asudoers file (ALL/Name)
  • user: -u
  • group: -g
  • options: tags (NOEXEC, NOPASSWD, PASSWD, etc)

Bellow line would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore without authenticating himself.

ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

If we only want ray to be able to run /bin/kill without a password the entry would be:

ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

What does this line do?

In [ ]:
EDITOR=nano sudo visudo


User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias.

There are also built in aliases called ALL which match everything where they are used.

User Aliases

 # Everybody in the "admin" group
 User_Alias ADMINS = %admin

 # Only specified users
 User_Alias LADMINS = milad, rajab, jafar

 # Everyone in ADMINS alias except the ones are in LADMINS

Host Aliases

 Host_Alias SRV =,, debian-dns
 Host_Alias SRVS =

Cmnd Aliases

 Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt

Change user (switch to)

In [ ]:
sudo -i -u milad # Close to `su -`; login shell
In [ ]:
sudo -u milad -i /bin/dash # specify shell
In [ ]:
sudo -s -u milad # non-login shell
In [ ]:
sudo -u milad -s /bin/dash # specify

gksudo, gksu

gksu is a frontend to su and gksudo is a frontend to sudo.

In [ ]:
gksudo thunar # asks for my password
In [ ]:
gksu thunar # root pass - defaults to use "sudo mode" root is disabled right?
In [2]:
ls -l `which gksudo`
lrwxrwxrwx 1 root root 4 Dec 25  2014 /usr/bin/gksudo -> gksu
In [ ]:
gksu --su-mode gufw
In [ ]:
gksu -u milad thunar
In [ ]:
sudo -H thunar


man page of sudo, su. gksudo

Lecture notes


Creative Commons License

Linux Notes by Milad As (Ravexina) is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

ravexina's gitlab

ravexina's github