Sudo username is different other than root user

Question

I was trying to perform some root-level action on my Ubuntu server. When I switched to the root user, I found that the username is different. I usually switch to the root user with the following command:

sudo su -

But the prompt was showing as a different user: webadm-dev. I checked on the /etc/shadow if anyone tried to add some user and I found nothing. I tried to switch to the root user (after switching back to the logged in user) with the following:

sudo su - root

It got changed. I exited back and tried to run my usual command again:

sudo su -

and the username is changed back to the root user. I am not able to understand the behavior of this command and this weird change. Please help!

EDIT 1: The behavior of the user change in root prompt was only once and was never seen again.

@Rinzwind what difference would it make by using sudo -i instead of sudo su -? — beingadityak, Jul 25 '19 at 08:30
'sudo su -' vs 'sudo -i' vs 'sudo /bin/bash' - when does it matter which is used, or does it matter at all? — Ravexina, Jul 25 '19 at 08:31
That link is missing something: sudo -i logs as the user used, not as root. — Rinzwind, Jul 25 '19 at 08:36
Also, how does a prompt for a user changes if the user itself is not present in the /etc/shadow file? This happened when I performed the switch to root using the mentioned command — beingadityak, Jul 25 '19 at 08:36
I have myself never seen happen what you describe sorry. AFAIK sudo su - should always change to root. Nothing else. — Rinzwind, Jul 25 '19 at 08:41
Hi, beingadityak, whether it is some VPS within Azure or Google cloud or it is a native installation? — pa4080, Jul 25 '19 at 09:11
In this case, the answer of your inquiry already must exist somewhere in the Amazon EC2's documentation. — pa4080, Jul 25 '19 at 10:15
Also the user webadm-dev probably is defined somewhere in your control panel. Unfortunately I haven't any experience with this cloud provider and can't provide further help. — pa4080, Jul 25 '19 at 10:23
@pa4080 I found out from the documentation that this user is somewhat related with webadm (something related to WebADM control center). Thanks for the help everyone! — beingadityak, Jul 25 '19 at 10:46
Unless this is a reproducible condition I'm not sure anyone is going to be able to offer much - right now, we don't even know whether su actually changed to a non-root user, or whether it was just an issue with the PS1 prompt string. — steeldriver, Jul 25 '19 at 11:46
@steeldriver it doesn't look like this will be reproducible at the moment. On that part I will be closing this out. I'll update the thread with an explaination for now. If this happens again, I'll update the description. — beingadityak, Jul 26 '19 at 05:01
@steeldriver for verifying whether anything was wrong with PS1, I checked whoami and it showed non-root user in the root prompt — beingadityak, Jul 26 '19 at 05:51

score 1 · Accepted Answer · answered Jul 26 '19 at 05:31

The behavior of sudo su - is as follows:

This will open a login shell, so /etc/profile, .profile and .bashrc are loaded and this will take the user to the root's home directory and will use the root's environment.

As discussed in the question's comments, the other approach to use a root shell is to run sudo -i. The behavior of sudo -i is as follows:

It is nearly the same as sudo su - The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile, .bashrc or .login will be read and executed by the shell.

The reason sudo -i is preferred over sudo su - is the command will log as the user used, not as root, enabling easy auditing of the commands (who ran what) in a multi-user environment.

On the other part of the question (why is the prompt showing as a different user) it is unknown for the time being why that behavior was shown in the first place. Since the environment had some other auditing software installed (WebADM to be specific) something was done by that user. That behavior was not reproducible and was more of an edge case.

This topic is not directly related to your inquiry, but I think it could be interesting for you: How do I find who is logged-in as root? — pa4080, Jul 30 '19 at 13:54

Sudo username is different other than root user

1 Answers1