Users, Root, and Sudo

Concepts

Users on Linux

Every Linux system has multiple user accounts, even if you are the only person using it. Each user has:

| Attribute | Description | Example |
|---|---|---|
| Username | Human-readable login name | kmiguel |
| UID | Numeric user ID (the kernel uses this, not the username) | 1000 |
| GID | Primary group ID | 1000 |
| Home directory | Personal directory | /home/kmiguel |
| Login shell | Shell started at login | /bin/bash |
| Password | Stored as a hash (not plaintext) | (in /etc/shadow) |

User categories:

| UID Range | Category | Examples |
|---|---|---|
| 0 | Root (superuser) | root |
| 1-999 | System users (services, daemons — no login) | www-data, sshd, nobody |
| 1000+ | Regular users (human accounts) | kmiguel, alice |

The first regular user created during installation gets UID 1000.

The /etc/passwd File

Every user account is defined in /etc/passwd:

cat /etc/passwd | head -5
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
libero:x:1000:1000:Bossetti Massimo,,,:/home/libero:/bin/bash

Format: username:password:UID:GID:comment:home:shell

| Field | Meaning |
|---|---|
| username | Login name |
| password | x means the hash is in /etc/shadow |
| UID | Numeric user ID |
| GID | Primary group ID |
| comment | Full name or description (GECOS field) |
| home | Home directory path |
| shell | Login shell (/usr/sbin/nologin = cannot log in) |

The /etc/shadow File

Password hashes are stored in /etc/shadow, readable only by root:

sudo cat /etc/shadow | grep kmiguel
kmiguel:$y$j9T$...:19890:0:99999:7:::

Because only a hash is stored, you can't recover a forgotten password by running sudo cat /etc/shadow.

Format: username:hash:lastchange:min:max:warn:inactive:expire:

The hash starts with an algorithm identifier:

  • $y$ — yescrypt (Ubuntu 24.04 default)
  • $6$ — SHA-512 (Debian 12 default)
  • $5$ — SHA-256
  • ! or * — account is locked (cannot log in with a password)
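
The field layouts above are enough to audit an account database. The following is an added example, not part of the original page: it flags passwd entries that break the UID conventions and reports each shadow entry's hash scheme from its prefix. The function names are chosen for this example and every sample entry (including toor and backup) is constructed.

```shell
#!/bin/sh
# Constructed /etc/passwd-format sample (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
kmiguel:x:1000:1000:K Miguel,,,:/home/kmiguel:/bin/bash
EOF
}

# Constructed /etc/shadow-format sample; hash bodies are placeholders.
sample_shadow() {
cat <<'EOF'
root:!:19890:0:99999:7:::
www-data:*:19890:0:99999:7:::
backup:*:19890:0:99999:7:::
toor:$6$saltsalt$PLACEHOLDER:19890:0:99999:7:::
kmiguel:$y$j9T$saltsalt$PLACEHOLDER:19890:0:99999:7:::
EOF
}

# passwd lines on stdin -> one finding per account that breaks the conventions.
audit_passwd() {
  awk -F: '
    $3 == 0 && $1 != "root" { print "UID0 " $1 }          # second superuser
    $3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print "SYSTEM_SHELL " $1 }
    $2 != "x" { print "NOT_SHADOWED " $1 }                # hash not in /etc/shadow
  '
}

# shadow lines on stdin -> "user scheme", decided by the hash prefix.
hash_schemes() {
  awk -F: '{
    h = $2
    if      (h == "")      s = "empty"
    else if (h ~ /^[!*]/)  s = "locked"
    else if (h ~ /^\$y\$/) s = "yescrypt"
    else if (h ~ /^\$6\$/) s = "sha512"
    else if (h ~ /^\$5\$/) s = "sha256"
    else                   s = "other"
    print $1, s
  }'
}

sample_passwd | audit_passwd     # on a real host: audit_passwd < /etc/passwd
sample_shadow | hash_schemes     # on a real host: sudo cat /etc/shadow | hash_schemes
```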

Root — The Superuser

Root (UID 0) is the superuser with unlimited access. Root can:

  • Read, modify, or delete any file
  • Install and remove software
  • Modify system configuration
  • Create and delete users
  • Change any file’s permissions or ownership
  • Access hardware directly

Danger: Root can also destroy the system. A typo like rm -rf / as root would delete everything (current versions of rm refuse this by default). This is why you should almost never log in as root directly.

sudo — Superuser Do

sudo lets you run a single command as root without switching to the root account:

sudo apt update                   # run apt update as root
sudo nano /etc/hostname           # edit a system file as root
sudo systemctl restart ssh        # restart a service as root

How sudo works:

  1. You type sudo command.
  2. sudo asks for your password (not root’s password).
  3. If you are in the sudo group and your password is correct, the command runs as root.
  4. Your password is cached for 15 minutes (you will not be asked again immediately).

Ubuntu: The first user created during installation is automatically added to the sudo group. There is no root password set — root login is disabled by default.

Debian: If you set a root password during installation, your user is not added to the sudo group. You must use su - to become root. If you left the root password blank during installation, your user gets sudo access like Ubuntu.

su — Switch User

su (substitute user) switches to another user account:

su - alice          # switch to alice (asks for alice's password)
su -                # switch to root (asks for root's password)
su                  # switch to root without -; keeps the current environment. DO NOT USE

The - (or -l or --login) flag starts a login shell — it sets up the environment (PATH, HOME, etc.) as if you logged in as that user. Always use su - (with the dash) when switching to root.

sudo vs su

| Feature | sudo command | su - |
|---|---|---|
| Runs | One command as root | An interactive root shell |
| Password | Your own password | Root’s password |
| Logging | Every command is logged (/var/log/auth.log) | Only the switch is logged |
| Access control | Fine-grained (sudoers file) | All or nothing |
| Best practice | Preferred | Use when sudo is not available |

Best practice: Use sudo for individual commands. Avoid running a root shell for extended periods.
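
The logging row is what makes sudo reviewable after the fact. As an added example (not part of the original page), this script turns sudo entries in auth.log format into one record per event and singles out denials, failed passwords and interactive shells, after which individual commands are no longer logged. The log lines, the host name lab and the function names are constructed for this example.

```shell
#!/bin/sh
# Constructed auth.log lines (host "lab" and all events are made up).
sample_auth_log() {
cat <<'EOF'
Mar 10 09:14:02 lab sudo:  kmiguel : TTY=pts/0 ; PWD=/home/kmiguel ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 09:15:40 lab sudo:  kmiguel : TTY=pts/0 ; PWD=/home/kmiguel ; USER=www-data ; COMMAND=/usr/bin/whoami
Mar 10 09:20:11 lab sudo:    alice : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar 10 09:31:55 lab sudo:  kmiguel : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/kmiguel ; USER=root ; COMMAND=/usr/bin/systemctl restart ssh
Mar 10 09:40:03 lab sudo:  kmiguel : TTY=pts/0 ; PWD=/home/kmiguel ; USER=root ; COMMAND=/bin/bash
Mar 10 09:40:03 lab sudo: pam_unix(sudo:session): session opened for user root(uid=0) by kmiguel(uid=1000)
Mar 10 09:52:17 lab su: (to root) kmiguel on pts/0
EOF
}

# auth.log lines on stdin -> "status|invoking_user|target_user|command" per sudo event.
sudo_events() {
  awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
      line = $0
      sub(/^.* sudo(\[[0-9]+\])?: +/, "", line)           # drop timestamp, host, tag
      who = line; sub(/ : .*/, "", who)                   # invoking user precedes " : "
      tgt = substr(line, index(line, "USER=") + 5); sub(/ ;.*/, "", tgt)
      cmd = substr(line, index(line, "COMMAND=") + 8)
      status = "ok"
      if      (line ~ /NOT in sudoers/)              status = "denied"
      else if (line ~ /incorrect password attempt/)  status = "badpass"
      else if (cmd ~ /\/(ba|da|z)?sh$/)              status = "shell"   # later commands unlogged
      print status "|" who "|" tgt "|" cmd
    }'
}

# Only the events worth a second look: denials, bad passwords, interactive shells.
sudo_alerts() { sudo_events | awk -F"|" '$1 != "ok"'; }

sample_auth_log | sudo_alerts     # on a real host: sudo cat /var/log/auth.log | sudo_alerts
```

The su line in the sample produces no record at all, which matches the table: only the switch is logged, not what was done afterwards.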

The sudoers File

The /etc/sudoers file controls who can use sudo and what they can do. Never edit it directly — always use:

sudo visudo

visudo opens the file in a safe editor that validates syntax before saving (a syntax error in sudoers can and will lock you out of sudo).

Default entry that grants full sudo to the sudo group:

%sudo   ALL=(ALL:ALL) ALL

This means: members of the sudo group can run any command as any user on any host.

Debian note: Debian uses the group name sudo (same as Ubuntu). Some older systems use wheel.
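
To see how the default %sudo entry compares with a narrower grant, the following added example (not part of the original page) reads sudoers-format rules and labels each one by how much it allows. It handles single-line rules only and assumes no aliases or line continuations; the alice and deploy rules and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sudoers content; the alice and deploy rules are hypothetical.
sample_sudoers() {
cat <<'EOF'
# This file MUST be edited with the visudo command as root.
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(root) /usr/bin/systemctl restart ssh
deploy  ALL=(ALL) NOPASSWD: ALL
EOF
}

# sudoers text on stdin -> "risk|who|runas|commands" for each single-line rule.
# Assumption: no aliases or backslash continuations; such lines are skipped or misread.
sudoers_grants() {
  awk '
    /^[ \t]*$/ || /^[ \t]*[#@]/ || /^[ \t]*Defaults/ || /_Alias/ { next }
    {
      who = $1
      rest = $0
      sub(/^[ \t]*[^ \t]+[ \t]+[^=]+=[ \t]*/, "", rest)   # drop "who host ="
      runas = "root"                                       # default when no (...) is given
      if (match(rest, /^\([^)]*\)/)) {
        runas = substr(rest, 2, RLENGTH - 2)
        rest = substr(rest, RLENGTH + 1)
      }
      sub(/^[ \t]+/, "", rest)
      nopw = (rest ~ /NOPASSWD:/)
      cmds = rest
      gsub(/[A-Z_]+:[ \t]*/, "", cmds)                     # strip tags such as NOPASSWD:
      risk = "limited"
      if (cmds == "ALL") risk = (nopw ? "full-nopasswd" : "full")
      else if (nopw)     risk = "limited-nopasswd"
      print risk "|" who "|" runas "|" cmds
    }'
}

sample_sudoers | sudoers_grants   # on a real host: sudo cat /etc/sudoers | sudoers_grants
```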

Checking Your Identity

whoami              # print your username
id                  # show UID, GID, and all group memberships
id alice            # show alice's UID, GID, and groups
groups              # list groups you belong to
who                 # show who is currently logged in
w                   # show who is logged in and what they are doing
last                # show recent logins

Lab

Exercise 1: Explore Your Identity

# Who are you?
whoami

# Detailed identity
id

# What groups are you in?
groups

# Who else is logged in?
who
w

Exercise 2: Examine /etc/passwd

# Look at the file
cat /etc/passwd

# Count the number of user accounts
wc -l /etc/passwd

# Find your entry (anchored so that only the username field matches)
grep "^$(whoami):" /etc/passwd

# Find system users (UID < 1000)
awk -F: '$3 < 1000 {print $1, $3}' /etc/passwd

# Find regular users (UID >= 1000)
awk -F: '$3 >= 1000 {print $1, $3}' /etc/passwd

# Find accounts that cannot log in
grep "nologin\|false" /etc/passwd | head -10

Exercise 3: Examine /etc/shadow

# Try without sudo (fails)
cat /etc/shadow
# Permission denied

# With sudo
sudo cat /etc/shadow | head -5

# Find your entry (anchored so that only the username field matches)
sudo grep "^$(whoami):" /etc/shadow

# Check the password hash algorithm
# Look for $y$ (yescrypt), $6$ (SHA-512), etc.

Exercise 4: Use sudo

# Run a command as root
sudo whoami
# Output: root

# Read a system file as root
sudo cat /etc/hostname

# Check sudo privileges
sudo -l
# Shows what commands you are allowed to run with sudo

# Run a command as a different user
sudo -u www-data whoami
# Output: www-data (if that user exists)

Exercise 5: sudo vs su

# Run a single command as root with sudo
sudo ls /root
# Runs one command and returns to your normal user

# Start a root shell with sudo (for demonstration — avoid in practice)
sudo -s
whoami
# root
exit
# Back to your normal user

# If on Debian with a root password set:
# su -
# (enter root's password)
# whoami → root
# exit

Exercise 6: Check Recent Login History

# Who has logged in recently
last | head -20

# Failed login attempts (requires sudo)
sudo lastb | head -10
# (may be empty on a fresh system)

# Your login history specifically
last "$(whoami)"

Review

1. What is the UID of the root user?

The root user always has UID 0. The kernel uses UID 0 to grant superuser privileges, not the username “root.”

2. What is the difference between `/etc/passwd` and `/etc/shadow`?

/etc/passwd contains user account information (username, UID, GID, home directory, shell) and is readable by everyone. /etc/shadow contains password hashes and is readable only by root. This separation exists so that password hashes are not exposed to regular users.

3. What is the difference between `sudo` and `su`?

sudo runs a single command as root, uses your own password, and logs every command. su - opens an interactive root shell, requires the root password, and only logs the switch. sudo is preferred for its logging, fine-grained control, and lower risk of accidentally working as root.

4. What happens if you set a root password during Debian installation?

Your regular user is NOT added to the sudo group. You must use su - (with the root password) to get root access. If you leave the root password blank, Debian configures sudo for your user, similar to Ubuntu.

5. Why should you use `visudo` instead of directly editing `/etc/sudoers`?

visudo validates the syntax before saving. A syntax error in /etc/sudoers can break sudo entirely, potentially locking you out of administrative access.

6. What group must a user be in to use `sudo` on Ubuntu/Debian?

The sudo group. The default sudoers configuration grants full root access to members of this group.

7. Why is a shell of `/usr/sbin/nologin` assigned to system users?

It prevents those accounts from being used to log in interactively. System users exist to run services (like www-data for web servers) and should never be used by humans.

