Joined: 30 May 2002
|Posted: Wed Nov 20, 2002 6:19 am Post subject: SA2: Why can't I su to root?
|Navigation: [System Administration] [Table of Contents]
- Q1. Why can't I su to root?
I've added a non-root user, but when I try to use the "su" command to become root, it doesn't work, and I get the error "Permission denied". Why is this and what can I do about it?
A1. As a security precaution, the default settings for Gentoo Linux require a user to be a member of the wheel group to be allowed to execute the "su" command to become root.
You can add a user to the wheel group in several ways. You can use the -G option of usermod or the -a option of gpasswd, such as:
Note, however, that any supplementary groups not specified are removed if you use usermod, so, for example, if you need the user to remain a member of the audio group, you must explicitly say
|# usermod -G users,wheel username
# gpasswd -a username wheel
You can also use the vigr command to edit /etc/group directly, changing the line for the wheel group to read something like
|# usermod -G users,wheel,audio username |
Does the "groups" command confirm that you are a member of the correct group?
Note: for users of the GLI, you will need to run "sudo su -" instead of just "su".
Q1.1. But this just happened, and su was working. Really. It was.
A1.1. If you've recently updated some files, such as with etc-update, you probably overwrote a configuration file. Go through these steps again to verify everything is configured correctly.
Q1.2. But my user is a member of the wheel group, and I still can't su to root. My error message is slightly different. It says "Authentication failure".
A1.2. Check the file permissions on the /bin/su executable using It should say:
If your permissions are different, you can fix them using:
|-rwsr-xr-x 1 root root |
|# chown root:root /bin/su
# chmod 4755 /bin/su
Other things to check:
Added "Other things to check." --pjp
Inserted a new 1.1 --pjp
Added direct link to pam-less wheel remedy. --kallamej
Changed chown command to reflect newer user:group syntax. --Maedhros
Added note for GLI users on how to su --mark_alec
Added gpasswd example. --kallamej
For every higher wall, there is a taller ladder
Last edited by rac on Wed Nov 20, 2002 9:49 pm; edited 1 time in total