FreeBSD: Becoming Super User (su) or Enabling su Access For User Account

last updated in Categories FreeBSD

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user:

At the shell prompt type su – and press enter key, when prompted for password supply root user password:
$ su -
Sample outputs:



The su command requests appropriate user credentials via PAM and switches oo that user ID (the default user is the superuser). A shell is then executed. Type exit or press CTRL+D to exit from superuser session, enter:
# exit

su: Sorry for normal user account error and solution

If you get an error that read as follows:

su: Sorry for normal user account.

You can fix this problem by adding user account to the wheel group. PAM is used to set the policy su will use. In particular, by default only users in the wheel group can switch to UID 0 (root). This group requirement may be changed by modifying the pam_group section of /etc/pam.d/su file. wheel is a special group for system administration purpose. Add your normal user to this group using the pw command. The syntax is:

pw user  mod  username -G wheel

In this example add a user called vivek to the group called wheel, enter:
# pw user mod vivek -G wheel
# groups vivek

Sample outputs:

vivek wheel

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of your users). Open pam configuration file for su using a text editor such as vi or vim:
# vi /etc/pam.d/su

Find the following line and comment it out:
auth requisite no_warn group=wheel root_only fail_safe ruser
Replace with:
#auth requisite no_warn group=wheel root_only fail_safe ruser
Save and close the file. Now all users can use su command to become root or superuser.


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14 comment

  1. You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up 😉

    try ‘sudo su’ and you will be promoted to root WITHOUT enabling root!

  2. FreeBSD : Using sudo

    You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

    1) What is sudo?
    sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

    2) How do I install sudo?
    By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
    #pkg_info | grep sudo

    If sudo package already installed it will display in output else use any one of the following method to install sudo.

    Method # 1 : Install sudo from CD/DVDROM
    a) Login as root user

    b) Mount cdrom drive
    # mount /cdrom

    c) Change directory to security directory where sudo binary package is stored on disk:
    # cd /cdrom/packages/security/

    d) Install the sudo:
    # pkg_add -v sudo*

    Method # 2: Using ports (recommended)

    a)Goto sudo ports directory:
    # cd /usr/ports/security/sudo

    b) Download, compile and install sudo:
    # make install clean

    Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command


    Save the file

    rdl : Name of user who can execute /sbin/su command for host

    Now you rdl can execute the command (when prompted for password supply rdl users password)
    $ sudo /sbin/su

    See su and sudo man pages for more information.

  3. no good

    I typed exactly whats in the brackets
    (pw user mod walter -G wheel)

    and i got back
    pw: you must be root to run this program

    HELP via email please

  4. a question about
    sudo su
    does this command enable root without asking for the account password ?
    therefore is it safer to enable root just to set a password so that if someone who knows your account password cannot perform sudo commands ?
    or …if the ‘sudo su’ command doesnt ask for a password does it even make a difference ?

  5. try gdb’s shortcut b some_function’ and then s’ :)@someone: can you use your VC to ssh sverer to debug(without setting up VNC)? Can you use VC to debug other language like python, Erlang, ? Do you think VC’s debugging ability also apply on very complicated problem or problems need to scale up, like map-reduce, complicated async network problem? Ppl in linux think deeper.Finally, how much time we should spend on learning our tools depends on our self-expectation. If you are aiming for F1 champion, will you save $$ on your car?

  6. This advise is out-of-date and no longer works.

    A working /etc/pam.d/su for password-less su for wheel users only is:

    auth requisite no_warn group=wheel root_only fail
    _safe ruser
    auth sufficient no_warn group=wheel root_only fail
    _safe ruser
    # ^– add this line here

  7. Hello,

    I got some problems when excute “su -” command

    it said “su: pam_start: system error”

    How can i resolve this?

    Tried many solution on google but failed

    Please help me
    Thanks so much

    Have a question? Post it on our forum!