The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user:

At the shell prompt type su – and press enter key, when prompted for password supply root user password:
$ su -
Sample outputs:


The su command requests appropriate user credentials via PAM and switches oo that user ID (the default user is the superuser). A shell is then executed. Type exit or press CTRL+D to exit from superuser session, enter:
# exit

su: Sorry for normal user account error and solution

If you get an error that read as follows:

su: Sorry for normal user account.

You can fix this problem by adding user account to the wheel group. PAM is used to set the policy su will use. In particular, by default only users in the wheel group can switch to UID 0 (root). This group requirement may be changed by modifying the pam_group section of /etc/pam.d/su file. wheel is a special group for system administration purpose. Add your normal user to this group using the pw command. The syntax is:

pw user  mod  username -G wheel

In this example add a user called vivek to the group called wheel, enter:
# pw user mod vivek -G wheel
# groups vivek

Sample outputs:

vivek wheel

You can disable this behavior complete for all users (not recommended until and unless you trust ALL of your users). Open pam configuration file for su using a text editor such as vi or vim:
# vi /etc/pam.d/su

Find the following line and comment it out:
auth requisite no_warn group=wheel root_only fail_safe ruser
Replace with:
#auth requisite no_warn group=wheel root_only fail_safe ruser
Save and close the file. Now all users can use su command to become root or superuser.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 14 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
14 comments… add one
  • Anonymous May 1, 2005 @ 1:21

    You do not necessiarily need to enable root (it COULD be a a risk to open that acoount up 😉

    try ‘sudo su’ and you will be promoted to root WITHOUT enabling root!

    • Adler Nov 13, 2016 @ 4:21

      Sudo is not installed then guess what?

  • LinuxTitli May 9, 2005 @ 12:55

    FreeBSD : Using sudo

    You are correct. For those who are not familiar with sudo under FreeBSD here is small how-to:

    1) What is sudo?
    sudo is security tool/utility which allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers (/usr/local/etc/sudoers) file. It supposes to replace traditional su command which is discussed above.

    2) How do I install sudo?
    By default, sudo is not installed; you can install it from ports collection or from installation media such as DVD/CDROM. However, make sure it is not installed with following command:
    #pkg_info | grep sudo

    If sudo package already installed it will display in output else use any one of the following method to install sudo.

    Method # 1 : Install sudo from CD/DVDROM
    a) Login as root user

    b) Mount cdrom drive
    # mount /cdrom

    c) Change directory to security directory where sudo binary package is stored on disk:
    # cd /cdrom/packages/security/

    d) Install the sudo:
    # pkg_add -v sudo*

    Method # 2: Using ports (recommended)

    a)Goto sudo ports directory:
    # cd /usr/ports/security/sudo

    b) Download, compile and install sudo:
    # make install clean

    Main sudo configuration file is usr/local/etc/sudoers. You can edit this file directly or use visudo command


    Save the file

    rdl : Name of user who can execute /sbin/su command for host

    Now you rdl can execute the command (when prompted for password supply rdl users password)
    $ sudo /sbin/su

    See su and sudo man pages for more information.

  • ken Feb 23, 2008 @ 12:32

    thanks, this helped me get su and sudo setup for my user account.

  • L0th Mar 1, 2009 @ 3:35

    Thanks… as a brand new Linux user this was a HUGE help!

  • kbouk Mar 9, 2009 @ 14:40

    Very helpful.

  • Me Jun 30, 2009 @ 7:51

    Very helpful.


  • MeinBSDuserhoon Jan 28, 2010 @ 12:34

    Thanks, it helped me tooo

    Big thanks!

  • gautam Feb 11, 2011 @ 17:07

    is there any method by which su command souldn’t ask for the password??

  • Walter Feb 23, 2011 @ 12:05

    no good

    I typed exactly whats in the brackets
    (pw user mod walter -G wheel)

    and i got back
    pw: you must be root to run this program

    HELP via email please

  • confused Feb 26, 2012 @ 20:36

    a question about
    sudo su
    does this command enable root without asking for the account password ?
    therefore is it safer to enable root just to set a password so that if someone who knows your account password cannot perform sudo commands ?
    or …if the ‘sudo su’ command doesnt ask for a password does it even make a difference ?

  • Sergey Nov 22, 2012 @ 8:04

    try gdb’s shortcut b some_function’ and then s’ :)@someone: can you use your VC to ssh sverer to debug(without setting up VNC)? Can you use VC to debug other language like python, Erlang, ? Do you think VC’s debugging ability also apply on very complicated problem or problems need to scale up, like map-reduce, complicated async network problem? Ppl in linux think deeper.Finally, how much time we should spend on learning our tools depends on our self-expectation. If you are aiming for F1 champion, will you save $$ on your car?

  • Barry Allard Jan 18, 2015 @ 21:52

    This advise is out-of-date and no longer works.

    A working /etc/pam.d/su for password-less su for wheel users only is:

    auth requisite no_warn group=wheel root_only fail
    _safe ruser
    auth sufficient no_warn group=wheel root_only fail
    _safe ruser
    # ^– add this line here

  • nda888 Jul 5, 2016 @ 10:29


    I got some problems when excute “su -” command

    it said “su: pam_start: system error”

    How can i resolve this?

    Tried many solution on google but failed

    Please help me
    Thanks so much

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum