-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Login as user and switch to root
- Thread starter Lucien
- Start date
- Status
sgbotsford
Cadet
- Joined
- Jan 21, 2012
- Messages
- 7
I'm a novice at FreeNAS, but I think I can give you a start on this one.
'su -' is a login shell. Man login for details. Your old environment (that of the user) is discarded. Login dotfiles are executed.
As an example: If you login initially as juser then su you are still in juser's home diretory (or wherever you were when you typed 'su'. If you type 'su -' you start up in root's home directory, you have no command history from juser and so on.
As to the su: sorry line it may be that your user doesn't have permission to su. (On some unix systems only members of certain groups could use the su command. On others, it was restricted by lists, usually located in /etc.) 'man su' in a terminal window should tell you the details.
Finally on many unixlike systems su has been replaced with sudo which is substantially easier to secure and audit. Try 'man sudo'
'su -' is a login shell. Man login for details. Your old environment (that of the user) is discarded. Login dotfiles are executed.
As an example: If you login initially as juser then su you are still in juser's home diretory (or wherever you were when you typed 'su'. If you type 'su -' you start up in root's home directory, you have no command history from juser and so on.
As to the su: sorry line it may be that your user doesn't have permission to su. (On some unix systems only members of certain groups could use the su command. On others, it was restricted by lists, usually located in /etc.) 'man su' in a terminal window should tell you the details.
Finally on many unixlike systems su has been replaced with sudo which is substantially easier to secure and audit. Try 'man sudo'
J
James
Guest
Make sure the user is in the wheel group.
- Joined
- May 27, 2011
- Messages
- 1,754
As @admin said, your user needs to be in wheel group.
It is a security fix, thats why it worked previously.
It is a security fix, thats why it worked previously.
- Joined
- May 27, 2011
- Messages
- 1,754
The user IS NOT in wheel.
He might be the primary group of the user, which is not the same as belong to (aka in wheel).
He might be the primary group of the user, which is not the same as belong to (aka in wheel).
Clearly I don't know what I'm talking about. Help me understand.
In the FreeNAS GUI, under Users, the group that my user belongs to is "Wheel". Under Groups, when I click "members", my user belongs to the group "Wheel". So how do I "make sure the user is in the wheel group"?
In the FreeNAS GUI, under Users, the group that my user belongs to is "Wheel". Under Groups, when I click "members", my user belongs to the group "Wheel". So how do I "make sure the user is in the wheel group"?
praecorloth
Contributor
- Joined
- Jun 2, 2011
- Messages
- 159
Random thing, but I haven't seen it discussed in the thread yet.
When you change the admin password in the web GUI, do you have it changing the root password as well? Maybe try resetting the password and checking the change root password box just to be sure?
When you change the admin password in the web GUI, do you have it changing the root password as well? Maybe try resetting the password and checking the change root password box just to be sure?
- Joined
- May 27, 2011
- Messages
- 1,754
Don't use wheel as the primary group for your user.
I ran into the same issue as the OP, and just thought I would add a couple of things from a much more inexperienced point of view.
Under Users->todd there is a "Primary Group ID" dropdown box. This should be set to a primary group ID which is not "wheel". In my case, it is "todd". This is what I got out of the Add a User guide in the FreeNAS documentation.
Under Users->View All Users, the "Group" column indicates that my user is in "todd". This confused me for a second, and after reading this thread, this is not the group that the user is really in.
Now, to resolve the issue of not being able to su to root, I want to Groups->View All Groups, and for wheel, clicked the "Memebers" button. Here, I added "todd" from the "Member users" list and hit OK. At this point, I was able to ssh into the box as todd and then su to root, without the OS telling me sorry. At least it is polite.
Hope this helps and I have not spread misinformation.
Under Users->todd there is a "Primary Group ID" dropdown box. This should be set to a primary group ID which is not "wheel". In my case, it is "todd". This is what I got out of the Add a User guide in the FreeNAS documentation.
Under Users->View All Users, the "Group" column indicates that my user is in "todd". This confused me for a second, and after reading this thread, this is not the group that the user is really in.
Now, to resolve the issue of not being able to su to root, I want to Groups->View All Groups, and for wheel, clicked the "Memebers" button. Here, I added "todd" from the "Member users" list and hit OK. At this point, I was able to ssh into the box as todd and then su to root, without the OS telling me sorry. At least it is polite.
Hope this helps and I have not spread misinformation.
temporary solution
as long as your user is in the wheel group , you can allow it to su by editting /etc/pam.d/su
and comment the line following with #:
#auth requisite pam_group.so no_warn group=wheel root_only
unfortunately in order to do this i had to first connect keyboard /monitor to the freenas box because that is the only way I could get root access in order to edit the file.
even more unfortunately I discovered that rebooting the freenas reverts that change I just said above....
let me know if you figure out how to make that change persist.
as long as your user is in the wheel group , you can allow it to su by editting /etc/pam.d/su
and comment the line following with #:
#auth requisite pam_group.so no_warn group=wheel root_only
unfortunately in order to do this i had to first connect keyboard /monitor to the freenas box because that is the only way I could get root access in order to edit the file.
even more unfortunately I discovered that rebooting the freenas reverts that change I just said above....
let me know if you figure out how to make that change persist.
- Joined
- May 27, 2011
- Messages
- 1,754
Doing that is dumb, if you want to do that fine, but don't spread the word ;)
TimeBandit
Cadet
- Joined
- Jun 7, 2012
- Messages
- 9
Solved
Correct!!
The main confusion is that in order for any regular user to be permitted to 'su' to root, that user must be listed in the "wheel" Group. Note: its not the same thing as selecting wheel as the user's primary group. But FWIW, yes, you can have wheel as your user's primary group { but its not best practice to do so }, but you still can't su to root unless you specifically add that user to the group called wheel - to re-cap, here's how (as of ver 8.0.4):
1) In the webGUI, on the left-hand link-tree, expand/click on Account-->Groups-->View All Groups
2) You'll see a list of groups, click the button "Members" for the wheel group
3) Highlight all users you want to permit 'su root' in the left box, then press the ">>" link to flag them to the "selected" box
4) Click "ok", you're done.
Correct!!
The main confusion is that in order for any regular user to be permitted to 'su' to root, that user must be listed in the "wheel" Group. Note: its not the same thing as selecting wheel as the user's primary group. But FWIW, yes, you can have wheel as your user's primary group { but its not best practice to do so }, but you still can't su to root unless you specifically add that user to the group called wheel - to re-cap, here's how (as of ver 8.0.4):
1) In the webGUI, on the left-hand link-tree, expand/click on Account-->Groups-->View All Groups
2) You'll see a list of groups, click the button "Members" for the wheel group
3) Highlight all users you want to permit 'su root' in the left box, then press the ">>" link to flag them to the "selected" box
4) Click "ok", you're done.
freenas-deluxe
Dabbler
- Joined
- Nov 23, 2013
- Messages
- 17
I did exactly this and it does not work in 9.1.1.
Any help is appreciated, since sudo is no option either.
Code:
[sebastian@freenas ~]$ id uid=1003(sebastian) gid=20(staff) groups=20(staff),0(wheel) [sebastian@freenas ~]$ su - Password: su: Sorry [sebastian@freenas ~]$ su root Password: su: Sorry
Any help is appreciated, since sudo is no option either.
- Status
Related topics on forums.truenas.com for thread: "Login as user and switch to root"
Similar threads
- Locked
