FreeBSD > Becoming super user (su) or enabling su access to user

Posted by Vivek Gite [Last updated: November 8, 2006]

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become super user:

1) At shell prompt type su and press enter key, when prompted for password supply root user password:
$ su
password:
#

2) To exit super user status type exit or press CTRL+D
# exit>
$

Please note that if you get an error su: Sorry for normal user account. Following workaround needed to get rid of this problem/error:

1) For security, reason FreeBSD only allows su to root user, if user is member of wheel group. Wheel group is a special group for administration purpose. Add your normal user to this group using pw command using following:
# pw user mod username -G wheel

2) So to add user vivek to group wheel run command as follows:
# pw user mod vivek -G wheel # groups vivek
vivek wheel

3) Now su will work for vivek user.

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of users):
1) Open pam configuration file for su using text editor:
# vi /etc/pam.d/su

2) Look for following line and comment it out:
Line:
auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty
Replace with:
#auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty

3) Now all users can use su command.

Tell us how we're doing: Please answer a few questions about your experience to help us improve nixCraft.

Discussion on This Article:

Anonymous Says: May 1st, 2005 at 1:21 am
You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up
try ’sudo su’ and you will be promoted to root WITHOUT enabling root!
LinuxTitli Says: May 9th, 2005 at 12:55 pm
FreeBSD : Using sudo

You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

1) What is sudo?
sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

2) How do I install sudo?
By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
#pkg_info | grep sudo

If sudo package already installed it will display in output else use any one of the following method to install sudo.

Method # 1 : Install sudo from CD/DVDROM
a) Login as root user

b) Mount cdrom drive
# mount /cdrom

c) Change directory to security directory where sudo binary package is stored on disk:
# cd /cdrom/packages/security/

d) Install the sudo:
# pkg_add -v sudo*

Method # 2: Using ports (recommended)

a)Goto sudo ports directory:
# cd /usr/ports/security/sudo

b) Download, compile and install sudo:
# make install clean

Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command

rdl fbsd.test.com=/sbin/su

Save the file

rdl : Name of user who can execute /sbin/su command for fbsd.test.com host

Now you rdl can execute the command (when prompted for password supply rdl users password)
$ sudo /sbin/su

See su and sudo man pages for more information.
ken Says: February 23rd, 2008 at 12:32 pm
thanks, this helped me get su and sudo setup for my user account.