0

To check the sudo password, we need root permission to even read the /etc/shadow file. But how does sudo check the password?

ArianKG

2 Answers

2

Since the other answer is just wrong: sudo is owned by root and has the setuid bit set, which means it runs as its owner (root) rather than as whoever launched it. This allows it to verify your password hash against /etc/shadow (or any other authentication provider). This also lets it read /etc/sudoers, which is only readable by root.

CBHacking
1

```
$ ls -l `which sudo`
-rwsr-xr-x 1 root root ... /usr/bin/sudo
   ^
```

sudo has the setuid attribute set (see the "s" at the marked position), which causes it to run with the effective uid of the file owner, i.e. root. This gives it the necessary permissions for the password check.

Steffen Ullrich
  • That is neither the indicator for the sticky bit, nor what the sticky bit does! Did you confuse sticky with setuid? Sticky bit on files does [*literally nothing*](https://en.wikipedia.org/wiki/Sticky_bit) on Linux – CBHacking Aug 08 '21 at 02:26
  • @CBHacking: you are right. What I marked and what has the described function is not the sticky bit but the setuid attribute. I've fixed the explanation, i.e. changed the name of the bit and linked to the correct Wikipedia page - since the rest is IMHO correct. – Steffen Ullrich Aug 08 '21 at 04:27
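
The setuid rule both answers describe, as an added example that is not part of either answer: it decodes a file mode the way `ls -l` prints it and models which effective uid a process starts with when a given user executes the file. The names `identity_on_exec` and `inspect` are hypothetical, and the model is deliberately simplified (it ignores `no_new_privs`, interpreter scripts and user namespaces).

```python
import os
import shutil
import stat
from typing import NamedTuple


class ExecIdentity(NamedTuple):
    mode_string: str  # as printed by `ls -l`, e.g. "-rwsr-xr-x"
    setuid_bit: bool  # S_ISUID is set in the mode
    honoured: bool    # the bit would take effect on exec (simplified model)
    euid: int         # effective uid the new process starts with


def identity_on_exec(mode, owner_uid, caller_uid, nosuid_mount=False):
    """Model the effective uid when caller_uid executes a file.

    Simplified: ignores no_new_privs, interpreter scripts and user namespaces.
    """
    setuid_bit = bool(mode & stat.S_ISUID)
    # The bit only matters for regular files on mounts without `nosuid`.
    honoured = setuid_bit and stat.S_ISREG(mode) and not nosuid_mount
    # With setuid honoured the process runs as the file owner (root for sudo);
    # otherwise it keeps the uid of whoever launched it.
    euid = owner_uid if honoured else caller_uid
    return ExecIdentity(stat.filemode(mode), setuid_bit, honoured, euid)


def inspect(path, caller_uid=None):
    """Apply the model to a real file, including its mount's nosuid flag."""
    st = os.stat(path)
    nosuid = bool(os.statvfs(path).f_flag & os.ST_NOSUID)
    if caller_uid is None:
        caller_uid = os.getuid()
    return identity_on_exec(st.st_mode, st.st_uid, caller_uid, nosuid)


if __name__ == "__main__":
    # Constructed sample: the mode from the `ls -l` output above, owner uid 0,
    # launched by an ordinary user with uid 1000.
    print(identity_on_exec(0o104755, owner_uid=0, caller_uid=1000))
    sudo_path = shutil.which("sudo")
    if sudo_path:
        print(sudo_path, inspect(sudo_path))
```

For a setuid-root sudo on a normal mount, the reported `euid` is 0 regardless of the caller, which is what lets it read /etc/shadow and /etc/sudoers.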