≡ Menu

FreeBSD: Becoming Super User (su) or Enabling su Access For User Account

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user:

At the shell prompt type su - and press enter key, when prompted for password supply root user password:
$ su -
Sample outputs:

password:
#

The su command requests appropriate user credentials via PAM and switches oo that user ID (the default user is the superuser). A shell is then executed. Type exit or press CTRL+D to exit from superuser session, enter:
# exit

su: Sorry for normal user account error and solution

If you get an error that read as follows:

su: Sorry for normal user account.

You can fix this problem by adding user account to the wheel group. PAM is used to set the policy su will use. In particular, by default only users in the wheel group can switch to UID 0 (root). This group requirement may be changed by modifying the pam_group section of /etc/pam.d/su file. wheel is a special group for system administration purpose. Add your normal user to this group using the pw command. The syntax is:

 
pw user  mod  username -G wheel
 

In this example add a user called vivek to the group called wheel, enter:
# pw user mod vivek -G wheel
# groups vivek

Sample outputs:

vivek wheel

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of your users). Open pam configuration file for su using a text editor such as vi or vim:
# vi /etc/pam.d/su

Find the following line and comment it out:
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
Replace with:
#auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
Save and close the file. Now all users can use su command to become root or superuser.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

Comments on this entry are closed.

  • Anonymous May 1, 2005, 1:21 am

    You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up ;-)

    try ‘sudo su’ and you will be promoted to root WITHOUT enabling root!

  • LinuxTitli May 9, 2005, 12:55 pm

    FreeBSD : Using sudo

    You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

    1) What is sudo?
    sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

    2) How do I install sudo?
    By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
    #pkg_info | grep sudo

    If sudo package already installed it will display in output else use any one of the following method to install sudo.

    Method # 1 : Install sudo from CD/DVDROM
    a) Login as root user

    b) Mount cdrom drive
    # mount /cdrom

    c) Change directory to security directory where sudo binary package is stored on disk:
    # cd /cdrom/packages/security/

    d) Install the sudo:
    # pkg_add -v sudo*

    Method # 2: Using ports (recommended)

    a)Goto sudo ports directory:
    # cd /usr/ports/security/sudo

    b) Download, compile and install sudo:
    # make install clean

    Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command

    rdl fbsd.test.com=/sbin/su

    Save the file

    rdl : Name of user who can execute /sbin/su command for fbsd.test.com host

    Now you rdl can execute the command (when prompted for password supply rdl users password)
    $ sudo /sbin/su

    See su and sudo man pages for more information.

  • ken February 23, 2008, 12:32 pm

    thanks, this helped me get su and sudo setup for my user account.

  • L0th March 1, 2009, 3:35 am

    Thanks… as a brand new Linux user this was a HUGE help!

  • kbouk March 9, 2009, 2:40 pm

    Very helpful.

  • Me June 30, 2009, 7:51 am

    Very helpful.

    Thanks.

  • MeinBSDuserhoon January 28, 2010, 12:34 pm

    Thanks, it helped me tooo

    Big thanks!

  • gautam February 11, 2011, 5:07 pm

    hey,
    is there any method by which su command souldn’t ask for the password??

  • Walter February 23, 2011, 12:05 pm

    no good

    I typed exactly whats in the brackets
    (pw user mod walter -G wheel)

    and i got back
    pw: you must be root to run this program

    HELP via email please

  • confused February 26, 2012, 8:36 pm

    a question about
    sudo su
    does this command enable root without asking for the account password ?
    therefore is it safer to enable root just to set a password so that if someone who knows your account password cannot perform sudo commands ?
    or …if the ‘sudo su’ command doesnt ask for a password does it even make a difference ?

  • Sergey November 22, 2012, 8:04 am

    try gdb’s shortcut b some_function’ and then s’ :)@someone: can you use your VC to ssh sverer to debug(without setting up VNC)? Can you use VC to debug other language like python, Erlang, ? Do you think VC’s debugging ability also apply on very complicated problem or problems need to scale up, like map-reduce, complicated async network problem? Ppl in linux think deeper.Finally, how much time we should spend on learning our tools depends on our self-expectation. If you are aiming for F1 champion, will you save $$ on your car?

  • Barry Allard January 18, 2015, 9:52 pm

    This advise is out-of-date and no longer works.

    A working /etc/pam.d/su for password-less su for wheel users only is:

    auth requisite pam_group.so no_warn group=wheel root_only fail
    _safe ruser
    auth sufficient pam_group.so no_warn group=wheel root_only fail
    _safe ruser
    # ^– add this line here