Bypass "su: Sorry" on pfSense?

riahc3

I need to use the su function on my pfSense. How do I enable it?

And, while on the subject, how do I enable root to be able to login thru SSH?

Gertjan

Hi,

su : this https://forum.netgate.com/topic/132087/access-menu-with-common-user-then-su-root-ssh ?

root login : https://www.netgate.com/docs/pfsense/usermanager/granting-users-access-to-ssh.html

riahc3

@gertjan said in Bypass "su: Sorry" on pfSense?:

Hi,

su : this https://forum.netgate.com/topic/132087/access-menu-with-common-user-then-su-root-ssh ?

This does nothing. Just tried it and su gives the same message.

stephenw10

What did you try exactly?

You added the commands you wanted to the user you're using?

https://www.netgate.com/docs/pfsense/usermanager/sudo-package.html

Steve

johnpoz

Your going to have to show us what your doing because this is clickity clickity... Install the package.. ssh in as billy su up to root.. It really is that simple..

Or you can su to another account from root, etc.. If you want detailed help your going to need to give details. What exactly are you wanting to accomplish - why do you believe you need to use su?

Here just created account billy, put in him in the admin group so he can run sudo (default config of sudo when installed) then ran sudo su put in billys password and there you go he is root

riahc3

@johnpoz said in Bypass "su: Sorry" on pfSense?:

Your going to have to show us what your doing because this is clickity clickity... Install the package.. ssh in as billy su up to root.. It really is that simple..

Or you can su to another account from root, etc.. If you want detailed help your going to need to give details. What exactly are you wanting to accomplish - why do you believe you need to use su?

Here just created account billy, put in him in the admin group so he can run sudo (default config of sudo when installed) then ran sudo su put in billys password and there you go he is root

You trying to switch users with root permissions; That is what sudo is

su automatically switches users as long as you have permissions to do so.

Im surprised that still, in 2018, people do not know there is a difference between sudo and su: https://www.google.com/search?q=difference+between+su+and+sudo

Grimson

These might shed some light on his intentions:
https://old.reddit.com/r/PFSENSE/comments/9yyeuk/get_past_su_sorry_on_pfsense/
https://old.reddit.com/r/PFSENSE/comments/9yy373/backing_up_pfsense_using_veeam/

@riahc3 said in Bypass "su: Sorry" on pfSense?:

You trying to switch users with root permissions; That is what sudo is

su automatically switches users as long as you have permissions to do so.

Im surprised that still, in 2018, people do not know there is a difference between sudo and su: https://www.google.com/search?q=difference+between+su+and+sudo

You might want to read those google results yourself. The only difference is that su by default switches the session to a different user while sudo only runs a single command as a different user. Both require authentication, unless you configure them differently. How you can configure them depends on how they are implemented in the OS.

stephenw10

Without more info from you we are just guessing what you're trying to do.

It looks like you're trying to run some Linux script against BSD and it's failing. But that's just a guess since you've given us nothing to work with.

Steve

johnpoz

I know exactly what sudo and su you is... What I don't know is WTF your wanting to do ;)

As you see I switch from a user to root via su... Since the user is not root, it can not run su without sudo..

So how about you clearly explain what your wanting to do and we can help you vs some complaint that I don't understand the difference between sudo and su..

If I login as admin or root, I have no need for sudo to run su..

[2.4.4-RELEASE][root@sg4860.local.lan]/root: su billy
[2.4.4-RELEASE][billy@sg4860.local.lan]/root:

If you want another user kevin be able to su to billy... Then hey can do that with sudo, which you can enable him to run su..

Your going to need to be clear on what you want vs
su: sorry

Doesn't tell us what your trying to do!!!

jimp

I replied to the same issue on Reddit, so I'll copy my reply here, too:

On FreeBSD, su requires that the user be a member of the wheel group. But there isn't a way to put a GUI user into the wheel group, so you have to use sudo instead.

You could work around that by manually editing the groups file in the OS or hacking on /etc/pam.d/su to use the admins group instead, but why bother? The changes would be wiped out on the next update. Use sudo instead.

Using su also requires you share the credentials of the root/admin account which goes against best security practices.

Using sudo is best in the context of a firewall. Everyone uses their own account, their own password, and can have customized permissions per user.