-1

On my CentOS 7 VPS server, to secure my server I disabled root login via ssh. I created a new user called erdem and log in with that user via ssh. After I log in via ssh with user erdem, I would like to switch to the root user with the su command or su -s command. When I do that I get this error:

-bash: /usr/bin/su: Permission denied

How can I give permission to the user called erdem so I can switch to root with the su or su -s command?

The output of ls -l /usr/bin/su:

 -rwsr-x--- 1 root wheel /usr/bin/su

I tried to add the user to the wheel group but it still gives the same error.

I used the command below:

gpasswd -a erdem wheel

Solved: I needed to log out and log in again.

Erdem Ece
  • Error apart, what you want to obtain is more commonly done via sudo -s. Doesn't it work for you? – LL3 Apr 12 '19 at 16:06
  • su is also a valid means to become root, particularly if sudo is not yet installed, or the newly-created non-root user is not yet in sudoers. OP, can you please add the output of the following to your question: ls -l /usr/bin/su – DopeGhoti Apr 12 '19 at 16:13
  • When I do that it asks for a password for the user, and when I type it I get this message: erdem is not in the sudoers file. This incident will be reported. – Erdem Ece Apr 12 '19 at 16:13
  • su expects the target user's password (root in this case). sudo expects the password of the user executing the command (yours). su on some systems can only be executed by users in particular groups (wheel on BSD, for example), but I'm unsure how this works on CentOS. – Kusalananda Apr 12 '19 at 16:14
  • @DopeGhoti it returns -rwsr-x--- 1 root wheel /usr/bin/su – Erdem Ece Apr 12 '19 at 16:16
  • @Kusalananda I don't want the user to have root privileges. I want to be able to switch to root. Thanks. – Erdem Ece Apr 12 '19 at 16:17
  • @ErdemEce This is what I assumed as well. My comment refers to you wanting to switch to root using either su or sudo and addresses the possibility that you used the wrong password. su asks for the root password, sudo asks for your password. – Kusalananda Apr 12 '19 at 16:19
  • @Kusalananda When I type su it doesn't ask for a password, it straight away returns the -bash: /usr/bin/su: Permission denied error – Erdem Ece Apr 12 '19 at 16:21
  • The user you created is not a member of the wheel group and thus is not allowed to run su. It is also apparently not in any group allowed by your sudo configuration either. How did you create that user? – LL3 Apr 12 '19 at 16:24
  • Please add details by editing the question, not by adding them to the comments. – DopeGhoti Apr 12 '19 at 16:24
  • @DopeGhoti I edited my question. – Erdem Ece Apr 12 '19 at 16:28
  • Thank you. After adding your user to the wheel group, you will need that user to log out and log back in again to refresh its group memberships. – DopeGhoti Apr 12 '19 at 16:29
  • @DopeGhoti that did it. It's a simple step but I couldn't figure it out. Thanks a lot. – Erdem Ece Apr 12 '19 at 16:30
  • duplicate of https://unix.stackexchange.com/q/91271/4778 – ctrl-alt-delor Apr 12 '19 at 16:40

1 Answer

-1

The permissions for su look abnormal to me. Here are the permissions I see on another CentOS machine:

-rwsr-xr-x. 1 root root 32208 Mar 14 10:37 /usr/bin/su

Note that your copy of su does not have the execute permission for users not in the wheel group, who are not already the root user.

On your system, no one will be able to su even knowing the root password if they are not in the wheel group.

DopeGhoti
  • After adding the user to the wheel group I didn't know I needed to log out and log in again. Thanks. – Erdem Ece Apr 12 '19 at 16:31
  • This is the traditional way. The purpose of group wheel is to be able to use su to change to root. I think the check was originally in the command, as doing it this way prevents users switching to another non-root user (with password). – ctrl-alt-delor Apr 12 '19 at 16:36
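
An added example, not part of the original question, answer or comments: a POSIX shell check that separates the two states seen in this thread, a user who is not in the group that owns su versus a user who was added to it but whose login session predates the change. The function names and result strings are assumptions of this sketch, and it relies on GNU `stat -c` as shipped with CentOS.

```shell
#!/bin/sh
# Added example: explain "Permission denied" on a group-restricted binary.

# diagnose MODE GROUP SESSION_GROUPS DB_GROUPS
#   MODE           symbolic mode as shown by ls -l, e.g. -rwsr-x---
#   GROUP          group that owns the binary
#   SESSION_GROUPS groups of the running shell (output of: id -Gn)
#   DB_GROUPS      groups in the account database (output of: id -Gn USER)
# Assumption: the caller is not the file's owner (root here).
diagnose() {
    d_mode=$1 d_group=$2 d_session=" $3 " d_db=" $4 "

    # 10th character of the mode string: execute bit for "other".
    case $d_mode in
        ?????????[xt]*) echo "world-executable"; return 0 ;;
    esac
    # 7th character: execute bit for the owning group (s = setgid + x).
    case $d_mode in
        ??????[xs]*) ;;
        *) echo "owner-only"; return 0 ;;
    esac
    # The kernel checks the groups of the running process, not /etc/group.
    case $d_session in
        *" $d_group "*) echo "ok"; return 0 ;;
    esac
    # In the database but not in this session: membership was added after
    # login, so a new login session is needed to pick it up.
    case $d_db in
        *" $d_group "*) echo "relogin-needed" ;;
        *) echo "not-in-group" ;;
    esac
}

# check_binary PATH: gather the real values and run the diagnosis.
check_binary() {
    c_info=$(stat -c '%A %G' "$1") || return 1
    diagnose "${c_info% *}" "${c_info#* }" "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

# Run against a path only when one is given on the command line.
if [ $# -gt 0 ]; then
    check_binary "$1"
fi
```

Passing `/usr/bin/su` as the argument right after `gpasswd -a erdem wheel`, without a fresh login, yields `relogin-needed`, which is the state the question describes.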