About nixCraft

Topics

FreeBSD > Becoming super user (su) or enabling su access to user

Posted by Vivek Gite [Last updated: November 8, 2006]

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become super user:

1) At shell prompt type su and press enter key, when prompted for password supply root user password:
$ su
password:
#

2) To exit super user status type exit or press CTRL+D
# exit>
$

Please note that if you get an error su: Sorry for normal user account. Following workaround needed to get rid of this problem/error:

1) For security, reason FreeBSD only allows su to root user, if user is member of wheel group. Wheel group is a special group for administration purpose. Add your normal user to this group using pw command using following:
# pw user mod username -G wheel

2) So to add user vivek to group wheel run command as follows:
# pw user mod vivek -G wheel
# groups vivek

vivek wheel

3) Now su will work for vivek user.

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of users):
1) Open pam configuration file for su using text editor:
# vi /etc/pam.d/su

2) Look for following line and comment it out:
Line:
auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty
Replace with:
#auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty

3) Now all users can use su command.

Tell us how we're doing: Please answer a few questions about your experience to help us improve nixCraft.

You may also be interested in other helpful articles:

Discussion on This Article:

  1. Anonymous Says:

    You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up ;-)
    try ’sudo su’ and you will be promoted to root WITHOUT enabling root!

  2. LinuxTitli Says:

    FreeBSD : Using sudo

    You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

    1) What is sudo?
    sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

    2) How do I install sudo?
    By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
    #pkg_info | grep sudo

    If sudo package already installed it will display in output else use any one of the following method to install sudo.

    Method # 1 : Install sudo from CD/DVDROM
    a) Login as root user

    b) Mount cdrom drive
    # mount /cdrom

    c) Change directory to security directory where sudo binary package is stored on disk:
    # cd /cdrom/packages/security/

    d) Install the sudo:
    # pkg_add -v sudo*

    Method # 2: Using ports (recommended)

    a)Goto sudo ports directory:
    # cd /usr/ports/security/sudo

    b) Download, compile and install sudo:
    # make install clean

    Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command

    rdl fbsd.test.com=/sbin/su

    Save the file

    rdl : Name of user who can execute /sbin/su command for fbsd.test.com host

    Now you rdl can execute the command (when prompted for password supply rdl users password)
    $ sudo /sbin/su

    See su and sudo man pages for more information.

  3. ken Says:

    thanks, this helped me get su and sudo setup for my user account.

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.