In this tutorial we will learn how to enable su access or switch to superuser in FreeBSD. su command is used to become another user during a login session. To become a superuser you can use the command su - or su -l root .But after installing freebsd the user other than root is not able to switch to another user by using su command.In below given screenshot we can see the error:
ERROR-> su: Sorry
To enable su access ,follow the given below steps
Step 1: Login as a root in a system and create a new group called sugroup (You can give any other name to new group also)
pw groupadd sugroup
Step 2: Now edit the /etc/pam.d/su file
vi /etc/pam.d/su
Locate the line in /etc/pam.d/su file
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
Now add sugroup after wheel by giving comma(,). see the below reference
auth requisite pam_group.so no_warn group=wheel,sugroup root_only fail_safe ruser
Step 3: I have a user called sharad,now we will add sharad user to additional group called sugroup
pw user mod sharad -G sugroup
Note: Replace sharad user with your user name.
To enable su access to other user or new user ,you have to only add these users into additional group called sugroup by using above given command in Step 3(as per tutorial)
Step 4: Now exit from system and login as user and try using su command to switch to another user or become superuser
Below is screenshot of enabled su access for superuser
Cooooooolllllll!!!!!!!!!!!!1
Hi Sharad,
I am very new in the freebsd world. Was looking for some tips and tricks in bsd. With respect to su in freebsd, your post is great. But i was just trying to understand, in the file “/etc/pam.d/su” there is a pam auth rule defined for the group wheel, so if we add the user sharad in the group wheel, sharad will have su privileges. Is there any specific reason, that the default group called wheel, which is predefined should not be used??? Also if we hash out the auth requisite line, then any user can use su, very similar to linux environment which I am used to.
Hello Rudra,
1. Wheel group is by-default group in system, members of this group have root privileges.
2. Why wheel group users have root privileges that is define in /etc/pam.d/su file. You can see bydefualt wheel group is mentioned in /etc/pam.d/su file. Here is the line,
auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser3. The /etc/pam.d/su controls the su access.
In this tutorial, I simply created new group called sugroup and added this group in /etc/pam.d/su file.
Reason is, so that I can provide root privileges to the users of the group called sugroup without touching wheel group.
I hope , I am able to deliver the answer what you ask for.
Regards
Sharad
In this tutorial, I added new group called sugroup.
Hi Sharad,
You are right. Even I have figured it out. By Default sudo is not installed in FreeBSD. If it is installed, then in the sudoers file (just as in Linux), there is a commented line that defines that people in the wheel group can have root privileges. If the comment is removed the condition becomes true and anybody can elevate their privileges to root with their own user password. Considering that, your approach is ideal.
Thankyou Rudra,
Glad to hear very good feedback.Got success to deliver the understanding on this practical.
Regards
Sharad