How to enable su access or switch to superuser in freebsd

In this tutorial we will learn how to enable su access or switch to superuser in FreeBSD. su command is used to become another user during a login session. To become a superuser you can use the command su - or su -l root .But after installing freebsd the user other than root is not able to switch to another user by using su command.In below given screenshot we can see the error:

ERROR-> su: Sorry

freebsd su access


To enable su access ,follow the given below steps

Step 1: Login as a root in a system and create a new group called sugroup (You can give any other name to new group also)

pw groupadd sugroup

Step 2: Now edit the /etc/pam.d/su file

vi /etc/pam.d/su

Locate the line in /etc/pam.d/su file

auth  requisite	 pam_group.so	no_warn group=wheel root_only fail_safe ruser

Now add sugroup after wheel by giving comma(,). see the below reference

auth	requisite  pam_group.so	 no_warn group=wheel,sugroup root_only fail_safe ruser

Step 3: I have a user called sharad,now we will add sharad user to additional group called sugroup

pw user mod sharad -G sugroup

Note: Replace sharad user with your user name.

To enable su access to other user or new user ,you have to only add these users into additional group called sugroup by using above given command in Step 3(as per tutorial)

Step 4: Now exit from system and login as user and try using su command to switch to another user or become superuser

Below is screenshot of enabled su access for superuser

freebsd-sudo5

5 thoughts on “How to enable su access or switch to superuser in freebsd”

  1. Hi Sharad,
    I am very new in the freebsd world. Was looking for some tips and tricks in bsd. With respect to su in freebsd, your post is great. But i was just trying to understand, in the file “/etc/pam.d/su” there is a pam auth rule defined for the group wheel, so if we add the user sharad in the group wheel, sharad will have su privileges. Is there any specific reason, that the default group called wheel, which is predefined should not be used??? Also if we hash out the auth requisite line, then any user can use su, very similar to linux environment which I am used to.

    Reply
    • Hello Rudra,

      1. Wheel group is by-default group in system, members of this group have root privileges.
      2. Why wheel group users have root privileges that is define in /etc/pam.d/su file. You can see bydefualt wheel group is mentioned in /etc/pam.d/su file. Here is the line, auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
      3. The /etc/pam.d/su controls the su access.

      In this tutorial, I simply created new group called sugroup and added this group in /etc/pam.d/su file.
      Reason is, so that I can provide root privileges to the users of the group called sugroup without touching wheel group.

      I hope , I am able to deliver the answer what you ask for.

      Regards
      Sharad

      In this tutorial, I added new group called sugroup.

      Reply
      • Hi Sharad,

        You are right. Even I have figured it out. By Default sudo is not installed in FreeBSD. If it is installed, then in the sudoers file (just as in Linux), there is a commented line that defines that people in the wheel group can have root privileges. If the comment is removed the condition becomes true and anybody can elevate their privileges to root with their own user password. Considering that, your approach is ideal.

        Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.