π Linux/Unix: Authentication Tools β passwd, su, sudo, /etc/sudoers Explained
𧲠Introduction β Why Learn Linux Authentication Tools?
Authentication is the first line of defense in Linux security. Whether itβs setting user passwords, switching identities, or granting privilege escalation, tools like passwd, su, sudo, and /etc/sudoers form the foundation of secure user management.
π― In this guide, youβll learn:
- How to set and manage passwords
- How to switch user identities
- How to configure and use
sudofor secure privilege elevation - How to edit and safely manage the
/etc/sudoersfile
π 1. passwd β Change User Passwords
β
What is passwd?
The passwd command allows users and admins to change user account passwords and set password aging policies.
π οΈ Syntax:
passwd [username]
π§ͺ Example 1: Change your own password
passwd
π€ Output:
Changing password for user bob.
Current password:
New password:
Retype new password:
π§ͺ Example 2: Change another user’s password (as root)
sudo passwd alice
π€ 2. su β Switch User Identity
β
What is su?
su stands for substitute user. It lets you switch to another user account (including root) by authenticating with their password.
π οΈ Syntax:
su [username]
π§ͺ Example 1: Switch to root user
su -
π€ Output:
Prompts for the root password. The - starts a full login shell.
π§ Requires root password. Not preferred for shared access environments.
βοΈ 3. sudo β Run Commands as Another User
β
What is sudo?
sudo lets permitted users run commands as root or another user, without knowing their password, using rules defined in /etc/sudoers.
π οΈ Syntax:
sudo command
π§ͺ Example 1: Run a privileged command
sudo apt update
π€ Output:
Prompts for your user password (not root’s) and executes the command as root.
π Sudo Features:
- Logs all commands (auditability)
- Enforces role-based access
- Can restrict or allow specific commands
π§ After entering your password once, sudo grants a 5-minute grace period by default.
π 4. /etc/sudoers β Sudo Permissions File
β
What is /etc/sudoers?
It defines which users can run which commands as root. Must be edited carefully using visudo to avoid syntax errors that can lock out all users.
π Open with:
sudo visudo
π§ͺ Common Syntax:
username ALL=(ALL) ALL
πΉ Grant john root privileges:
john ALL=(ALL:ALL) ALL
πΉ Allow deploy to restart nginx only:
deploy ALL=NOPASSWD: /bin/systemctl restart nginx
πΉ Group-based Access:
%sudo ALL=(ALL:ALL) ALL
β
Anyone in the sudo group has root privileges via sudo.
π Tool Comparison Table
| Command/File | Purpose | Requires Password | Role-Based Access | Logging Support |
|---|---|---|---|---|
passwd | Change passwords | β Yes | β No | β No |
su | Switch users (usually root) | β Yes (targetβs pw) | β No | β No |
sudo | Run commands as another user | β Yes (your pw) | β Yes | β Yes |
/etc/sudoers | Configure sudo permissions | β Not a command | β Yes | β Yes (via sudo) |
π Summary β Recap & Next Steps
Authentication tools like passwd, su, and sudo are vital for secure access control in Linux. Properly managing /etc/sudoers ensures that only authorized users can perform sensitive operations without compromising system integrity.
π Key Takeaways:
- Use
passwdto manage user authentication securely. - Prefer
sudooversufor better control and auditing. - Use
visudoto safely edit/etc/sudoers. - Grant fine-grained privileges without exposing root passwords.
β FAQs
β Whatβs the difference between su and sudo?
β
su requires the target user’s password. sudo uses your own password to run commands as root or another user based on /etc/sudoers.
β How can I give a user sudo access?
β
Add the user to the sudo group:
sudo usermod -aG sudo username
β Why should I use visudo instead of editing /etc/sudoers directly?
β
visudo checks for syntax errors and prevents file corruption that could lock you out.
β Can I limit what commands a sudo user can run?
β
Yes. In /etc/sudoers, assign specific commands:
bob ALL=NOPASSWD: /usr/bin/systemctl restart apache2
β Where are sudo logs stored?
β
Typically in:
/var/log/auth.log # Debian/Ubuntu
/var/log/secure # RHEL/CentOS
Share Now :
