FreeBSD: Becoming Super User (su) or Enabling su Access For User Account

by on February 23, 2005 · 11 comments· LAST UPDATED May 7, 2012

in

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user:

At the shell prompt type su - and press enter key, when prompted for password supply root user password:
$ su -
Sample outputs:

password:
#

The su command requests appropriate user credentials via PAM and switches oo that user ID (the default user is the superuser). A shell is then executed. Type exit or press CTRL+D to exit from superuser session, enter:
# exit

su: Sorry for normal user account error and solution

If you get an error that read as follows:

su: Sorry for normal user account.

You can fix this problem by adding user account to the wheel group. PAM is used to set the policy su will use. In particular, by default only users in the wheel group can switch to UID 0 (root). This group requirement may be changed by modifying the pam_group section of /etc/pam.d/su file. wheel is a special group for system administration purpose. Add your normal user to this group using the pw command. The syntax is:

 
pw user  mod  username -G wheel
 

In this example add a user called vivek to the group called wheel, enter:
# pw user mod vivek -G wheel
# groups vivek

Sample outputs:

vivek wheel

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of your users). Open pam configuration file for su using a text editor such as vi or vim:
# vi /etc/pam.d/su

Find the following line and comment it out:
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
Replace with:
#auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
Save and close the file. Now all users can use su command to become root or superuser.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 11 comments… read them below or add one }

1 Anonymous May 1, 2005 at 1:21 am

You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up ;-)

try ‘sudo su’ and you will be promoted to root WITHOUT enabling root!

Reply

2 LinuxTitli May 9, 2005 at 12:55 pm

FreeBSD : Using sudo

You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

1) What is sudo?
sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

2) How do I install sudo?
By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
#pkg_info | grep sudo

If sudo package already installed it will display in output else use any one of the following method to install sudo.

Method # 1 : Install sudo from CD/DVDROM
a) Login as root user

b) Mount cdrom drive
# mount /cdrom

c) Change directory to security directory where sudo binary package is stored on disk:
# cd /cdrom/packages/security/

d) Install the sudo:
# pkg_add -v sudo*

Method # 2: Using ports (recommended)

a)Goto sudo ports directory:
# cd /usr/ports/security/sudo

b) Download, compile and install sudo:
# make install clean

Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command

rdl fbsd.test.com=/sbin/su

Save the file

rdl : Name of user who can execute /sbin/su command for fbsd.test.com host

Now you rdl can execute the command (when prompted for password supply rdl users password)
$ sudo /sbin/su

See su and sudo man pages for more information.

Reply

3 ken February 23, 2008 at 12:32 pm

thanks, this helped me get su and sudo setup for my user account.

Reply

4 L0th March 1, 2009 at 3:35 am

Thanks… as a brand new Linux user this was a HUGE help!

Reply

5 kbouk March 9, 2009 at 2:40 pm

Very helpful.

Reply

6 Me June 30, 2009 at 7:51 am

Very helpful.

Thanks.

Reply

7 MeinBSDuserhoon January 28, 2010 at 12:34 pm

Thanks, it helped me tooo

Big thanks!

Reply

8 gautam February 11, 2011 at 5:07 pm

hey,
is there any method by which su command souldn’t ask for the password??

Reply

9 Walter February 23, 2011 at 12:05 pm

no good

I typed exactly whats in the brackets
(pw user mod walter -G wheel)

and i got back
pw: you must be root to run this program

HELP via email please

Reply

10 confused February 26, 2012 at 8:36 pm

a question about
sudo su
does this command enable root without asking for the account password ?
therefore is it safer to enable root just to set a password so that if someone who knows your account password cannot perform sudo commands ?
or …if the ‘sudo su’ command doesnt ask for a password does it even make a difference ?

Reply

11 Sergey November 22, 2012 at 8:04 am

try gdb’s shortcut b some_function’ and then s’ :)@someone: can you use your VC to ssh sverer to debug(without setting up VNC)? Can you use VC to debug other language like python, Erlang, ? Do you think VC’s debugging ability also apply on very complicated problem or problems need to scale up, like map-reduce, complicated async network problem? Ppl in linux think deeper.Finally, how much time we should spend on learning our tools depends on our self-expectation. If you are aiming for F1 champion, will you save $$ on your car?

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , ,

Previous post:

Next post: