How does the âsuâ command work internally?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I am tying to understand how the su
command work internally.
Say that I did the following:
su someUser
The following is what I think will happen:
su
will ask me for the password ofsomeUser
.su
will hash the entered password.su
will compare the entered password with the password in the/etc/shadow
file, and if the two passwords are the same, thensu
will
launch the default shell forsomeUser
(which exist in/etc/passwd
), andsu
will set the user IDs and group IDs of the launched shell to the user IDs and group IDs ofsomeUser
.
Note that su
has the setuid
bit set, so su
will run with root privileges.
Am I correct?
linux process su
add a comment |Â
up vote
1
down vote
favorite
I am tying to understand how the su
command work internally.
Say that I did the following:
su someUser
The following is what I think will happen:
su
will ask me for the password ofsomeUser
.su
will hash the entered password.su
will compare the entered password with the password in the/etc/shadow
file, and if the two passwords are the same, thensu
will
launch the default shell forsomeUser
(which exist in/etc/passwd
), andsu
will set the user IDs and group IDs of the launched shell to the user IDs and group IDs ofsomeUser
.
Note that su
has the setuid
bit set, so su
will run with root privileges.
Am I correct?
linux process su
Yes, but su doesn't directly access/etc/shadow
, it uses pam for this. (/etc/pam.d/su
)
â Ipor Sircer
Dec 6 '17 at 1:08
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am tying to understand how the su
command work internally.
Say that I did the following:
su someUser
The following is what I think will happen:
su
will ask me for the password ofsomeUser
.su
will hash the entered password.su
will compare the entered password with the password in the/etc/shadow
file, and if the two passwords are the same, thensu
will
launch the default shell forsomeUser
(which exist in/etc/passwd
), andsu
will set the user IDs and group IDs of the launched shell to the user IDs and group IDs ofsomeUser
.
Note that su
has the setuid
bit set, so su
will run with root privileges.
Am I correct?
linux process su
I am tying to understand how the su
command work internally.
Say that I did the following:
su someUser
The following is what I think will happen:
su
will ask me for the password ofsomeUser
.su
will hash the entered password.su
will compare the entered password with the password in the/etc/shadow
file, and if the two passwords are the same, thensu
will
launch the default shell forsomeUser
(which exist in/etc/passwd
), andsu
will set the user IDs and group IDs of the launched shell to the user IDs and group IDs ofsomeUser
.
Note that su
has the setuid
bit set, so su
will run with root privileges.
Am I correct?
linux process su
edited Dec 6 '17 at 0:48
Jeff Schaller
32k848109
32k848109
asked Dec 6 '17 at 0:48
user7681202
237414
237414
Yes, but su doesn't directly access/etc/shadow
, it uses pam for this. (/etc/pam.d/su
)
â Ipor Sircer
Dec 6 '17 at 1:08
add a comment |Â
Yes, but su doesn't directly access/etc/shadow
, it uses pam for this. (/etc/pam.d/su
)
â Ipor Sircer
Dec 6 '17 at 1:08
Yes, but su doesn't directly access
/etc/shadow
, it uses pam for this. ( /etc/pam.d/su
)â Ipor Sircer
Dec 6 '17 at 1:08
Yes, but su doesn't directly access
/etc/shadow
, it uses pam for this. ( /etc/pam.d/su
)â Ipor Sircer
Dec 6 '17 at 1:08
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
su doesn't do any password stuff in most Linux distros. Instead it delegates authn/authz to PAM and only handles the user-changing.
Yup.
â JdeBP
Dec 6 '17 at 7:04
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
su doesn't do any password stuff in most Linux distros. Instead it delegates authn/authz to PAM and only handles the user-changing.
Yup.
â JdeBP
Dec 6 '17 at 7:04
add a comment |Â
up vote
2
down vote
su doesn't do any password stuff in most Linux distros. Instead it delegates authn/authz to PAM and only handles the user-changing.
Yup.
â JdeBP
Dec 6 '17 at 7:04
add a comment |Â
up vote
2
down vote
up vote
2
down vote
su doesn't do any password stuff in most Linux distros. Instead it delegates authn/authz to PAM and only handles the user-changing.
su doesn't do any password stuff in most Linux distros. Instead it delegates authn/authz to PAM and only handles the user-changing.
answered Dec 6 '17 at 1:08
Ignacio Vazquez-Abrams
32.1k66780
32.1k66780
Yup.
â JdeBP
Dec 6 '17 at 7:04
add a comment |Â
Yup.
â JdeBP
Dec 6 '17 at 7:04
Yup.
â JdeBP
Dec 6 '17 at 7:04
Yup.
â JdeBP
Dec 6 '17 at 7:04
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f409066%2fhow-does-the-su-command-work-internally%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Yes, but su doesn't directly access
/etc/shadow
, it uses pam for this. (/etc/pam.d/su
)â Ipor Sircer
Dec 6 '17 at 1:08