# SA2:  Why can't I su to root?

## rac

Navigation: [System Administration] [Table of Contents]

Q1. Why can't I su to root?

I've added a non-root user, but when I try to use the "su" command to become root, it doesn't work, and I get the error "Permission denied".  Why is this and what can I do about it?

A1. As a security precaution, the default settings for Gentoo Linux require a user to be a member of the wheel group to be allowed to execute the "su" command to become root.

You can add a user to the wheel group in several ways. You can use the -G option of usermod or the -a option of gpasswd, such as: 

```
# usermod -G users,wheel username

# gpasswd -a username wheel
```

Note, however, that any supplementary groups not specified are removed if you use usermod, so, for example, if you need the user to remain a member of the audio group, you must explicitly say 

```
# usermod -G users,wheel,audio username
```

You can also use the vigr command to edit /etc/group directly, changing the line for the wheel group to read something like 

```
wheel::10:root,username
```

Does the "groups" command confirm that you are a member of the correct group?

Note: for users of the GLI, you will need to run "sudo su -" instead of just "su".

Q1.1. But this just happened, and su was working.  Really.  It was.

A1.1. If you've recently updated some files, such as with etc-update, you probably overwrote a configuration file.  Go through these steps again to verify everything is configured correctly.

Q1.2. But my user is a member of the wheel group, and I still can't su to root.  My error message is slightly different.  It says "Authentication failure".

A1.2. Check the file permissions on the /bin/su executable using 

```
$ ls -l /bin/su
```

It should say: 

```
-rwsr-xr-x    1 root     root
```

If your permissions are different, you can fix them using: 

```
# chown root:root /bin/su

# chmod 4755 /bin/su
```

Other things to check:/etc/fstab settings:  users,exec / nosuid

user's home directory is owned by the user.

Permissions on / directory.  This thread, or this summary.

You are not authorized to su root:  pam-login, shadow Note: removing wheel group requirement is NOT a desireable solution. There is, however, a remedy.

Sources:ebrostig in su problem: (/etc/group is ok) i rtfm... twice

EDIT:  

Added "Other things to check." --pjp

Inserted a new 1.1 --pjp

Added direct link to pam-less wheel remedy.  --kallamej

Changed chown command to reflect newer user:group syntax. --Maedhros

Added note for GLI users on how to su --mark_alec

Added gpasswd example. --kallamej

----------

