Bypass "su: Sorry" on pfSense?
-
I need to use the su function on my pfSense. How do I enable it?
And, while on the subject, how do I enable root to be able to login thru SSH?
-
Hi,
su : this https://forum.netgate.com/topic/132087/access-menu-with-common-user-then-su-root-ssh ?
root login : https://www.netgate.com/docs/pfsense/usermanager/granting-users-access-to-ssh.html
-
@gertjan said in Bypass "su: Sorry" on pfSense?:
Hi,
su : this https://forum.netgate.com/topic/132087/access-menu-with-common-user-then-su-root-ssh ?
This does nothing. Just tried it and su gives the same message.
-
What did you try exactly?
You added the commands you wanted to the user you're using?
https://www.netgate.com/docs/pfsense/usermanager/sudo-package.html
Steve
-
Your going to have to show us what your doing because this is clickity clickity... Install the package.. ssh in as billy su up to root.. It really is that simple..
Or you can su to another account from root, etc.. If you want detailed help your going to need to give details. What exactly are you wanting to accomplish - why do you believe you need to use su?
Here just created account billy, put in him in the admin group so he can run sudo (default config of sudo when installed) then ran sudo su put in billys password and there you go he is root
-
@johnpoz said in Bypass "su: Sorry" on pfSense?:
Your going to have to show us what your doing because this is clickity clickity... Install the package.. ssh in as billy su up to root.. It really is that simple..
Or you can su to another account from root, etc.. If you want detailed help your going to need to give details. What exactly are you wanting to accomplish - why do you believe you need to use su?
Here just created account billy, put in him in the admin group so he can run sudo (default config of sudo when installed) then ran sudo su put in billys password and there you go he is root
You trying to switch users with root permissions; That is what sudo is
su automatically switches users as long as you have permissions to do so.
Im surprised that still, in 2018, people do not know there is a difference between sudo and su: https://www.google.com/search?q=difference+between+su+and+sudo
-
These might shed some light on his intentions:
https://old.reddit.com/r/PFSENSE/comments/9yyeuk/get_past_su_sorry_on_pfsense/
https://old.reddit.com/r/PFSENSE/comments/9yy373/backing_up_pfsense_using_veeam/@riahc3 said in Bypass "su: Sorry" on pfSense?:
You trying to switch users with root permissions; That is what sudo is
su automatically switches users as long as you have permissions to do so.
Im surprised that still, in 2018, people do not know there is a difference between sudo and su: https://www.google.com/search?q=difference+between+su+and+sudo
You might want to read those google results yourself. The only difference is that su by default switches the session to a different user while sudo only runs a single command as a different user. Both require authentication, unless you configure them differently. How you can configure them depends on how they are implemented in the OS.
-
Without more info from you we are just guessing what you're trying to do.
It looks like you're trying to run some Linux script against BSD and it's failing. But that's just a guess since you've given us nothing to work with.
Steve
-
I know exactly what sudo and su you is... What I don't know is WTF your wanting to do ;)
As you see I switch from a user to root via su... Since the user is not root, it can not run su without sudo..
So how about you clearly explain what your wanting to do and we can help you vs some complaint that I don't understand the difference between sudo and su..
If I login as admin or root, I have no need for sudo to run su..
[2.4.4-RELEASE][root@sg4860.local.lan]/root: su billy
[2.4.4-RELEASE][billy@sg4860.local.lan]/root:If you want another user kevin be able to su to billy... Then hey can do that with sudo, which you can enable him to run su..
Your going to need to be clear on what you want vs
su: sorryDoesn't tell us what your trying to do!!!
-
I replied to the same issue on Reddit, so I'll copy my reply here, too:
On FreeBSD,
su
requires that the user be a member of thewheel
group. But there isn't a way to put a GUI user into thewheel
group, so you have to usesudo
instead.You could work around that by manually editing the groups file in the OS or hacking on
/etc/pam.d/su
to use theadmins
group instead, but why bother? The changes would be wiped out on the next update. Usesudo
instead.Using
su
also requires you share the credentials of theroot
/admin
account which goes against best security practices.Using
sudo
is best in the context of a firewall. Everyone uses their own account, their own password, and can have customized permissions per user.