3

I was trying to perform some root-level action on my Ubuntu server. When I switched to the root user, I found that the username is different. I usually switch to the root user with the following command:

sudo su -

But the prompt was showing as a different user: webadm-dev. I checked on the /etc/shadow if anyone tried to add some user and I found nothing. I tried to switch to the root user (after switching back to the logged in user) with the following:

sudo su - root

It got changed. I exited back and tried to run my usual command again:

sudo su -

and the username is changed back to the root user. I am not able to understand the behavior of this command and this weird change. Please help!

EDIT 1: The behavior of the user change in root prompt was only once and was never seen again.

beingadityak
  • 166
  • 1
  • 12
  • 3
    No you use `sudo -i` to go to a root prompt ;-) – Rinzwind Jul 25 '19 at 08:29
  • @Rinzwind what difference would it make by using `sudo -i` instead of `sudo su -`? – beingadityak Jul 25 '19 at 08:30
  • 1
    ['sudo su -' vs 'sudo -i' vs 'sudo /bin/bash' - when does it matter which is used, or does it matter at all?](https://askubuntu.com/questions/376199/sudo-su-vs-sudo-i-vs-sudo-bin-bash-when-does-it-matter-which-is-used) – Ravexina Jul 25 '19 at 08:31
  • 1
    That link is missing something: sudo -i logs as the user used, not as root. – Rinzwind Jul 25 '19 at 08:36
  • Also, how does a prompt for a user changes if the user itself is not present in the `/etc/shadow` file? This happened when I performed the switch to root using the mentioned command – beingadityak Jul 25 '19 at 08:36
  • I have myself never seen happen what you describe sorry. AFAIK sudo su - should always change to root. Nothing else. – Rinzwind Jul 25 '19 at 08:41
  • Hi, beingadityak, whether it is some VPS within Azure or Google cloud or it is a native installation? – pa4080 Jul 25 '19 at 09:11
  • 1
    @pa4080 This is a server hosted on Amazon EC2 – beingadityak Jul 25 '19 at 10:08
  • In this case, the answer of your inquiry already must exist somewhere in the Amazon EC2's documentation. – pa4080 Jul 25 '19 at 10:15
  • Also the user `webadm-dev` probably is defined somewhere in your control panel. Unfortunately I haven't any experience with this cloud provider and can't provide further help. – pa4080 Jul 25 '19 at 10:23
  • 1
    @pa4080 I found out from the documentation that this user is somewhat related with webadm (something related to WebADM control center). Thanks for the help everyone! – beingadityak Jul 25 '19 at 10:46
  • Unless this is a **reproducible** condition I'm not sure anyone is going to be able to offer much - right now, we don't even know whether `su` actually changed to a non-root user, or whether it was just an issue with the `PS1` prompt string. – steeldriver Jul 25 '19 at 11:46
  • @steeldriver it doesn't look like this will be **reproducible** at the moment. On that part I will be closing this out. I'll update the thread with an explaination for now. If this happens again, I'll update the description. – beingadityak Jul 26 '19 at 05:01
  • @steeldriver for verifying whether anything was wrong with `PS1`, I checked `whoami` and it showed non-root user in the root prompt – beingadityak Jul 26 '19 at 05:51

1 Answers1

1

The behavior of sudo su - is as follows:

  • This will open a login shell, so /etc/profile, .profile and .bashrc are loaded and this will take the user to the root's home directory and will use the root's environment.

As discussed in the question's comments, the other approach to use a root shell is to run sudo -i. The behavior of sudo -i is as follows:

  • It is nearly the same as sudo su - The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile, .bashrc or .login will be read and executed by the shell.

The reason sudo -i is preferred over sudo su - is the command will log as the user used, not as root, enabling easy auditing of the commands (who ran what) in a multi-user environment.

On the other part of the question (why is the prompt showing as a different user) it is unknown for the time being why that behavior was shown in the first place. Since the environment had some other auditing software installed (WebADM to be specific) something was done by that user. That behavior was not reproducible and was more of an edge case.

beingadityak
  • 166
  • 1
  • 12
  • This topic is not directly related to your inquiry, but I think it could be interesting for you: [How do I find who is logged-in as root?](https://askubuntu.com/q/980950/566421) – pa4080 Jul 30 '19 at 13:54