# su question



## aquilinum (Jul 19, 2013)

I did give a search before asking, but apologies if this is already answered or better asked elsewhere...

When I try to su(1) to another user (i.e. `su -l username` or even just `su username`) and use the password that I know works, my system prints no errors and my shell prompt returns the name of my account (which yes, is part of the wheel group). If I check my ID and groups I see that I am part of wheel and that I did not successfully switch to the other user account, even though I know I entered the password correctly.


```
$ groups
myusername wheel
$ su otherusername
Password:
$ id
uid=1001(myusername) gid=1001(myusername) groups=1001(myusername),0(wheel)
```

Any ideas/suggestions on where I can look to troubleshoot even?


----------



## Chris_H (Jul 19, 2013)

Greetings,

A couple of questions come to mind: what version of FreeBSD are you on (see `uname -a`)? Also, what shell do you use; sh(1), csh(1) (tcsh), bash(1), ...? Were you already logged in as root somewhere before attempting su(1)?

*Scratch that*; after refreshing myself with su, I discover the following:

```
-l      Simulate a full login.  The environment is discarded except for
	     HOME, SHELL, PATH, TERM, and USER.  HOME and SHELL are modified
	     as above.	USER is set to the target login.  PATH is set to
	     ``/bin:/usr/bin''.  TERM is imported from your current environ-
	     ment.  Environment variables may be set or overridden from the
	     login class capabilities database according to the class of the
	     target login.  The invoked shell is the target login's, and su
	     will change directory to the target login's home directory.
	     Resource limits and session priority are modified to that for the
	     target account's login class.
```
Sound familiar? Please see the su(1) man(1) page(s) for further details.

--chris


----------



## aquilinum (Jul 19, 2013)

@Chris_H,

I'm running 9.1-RELEASE and I have used the -l option to no avail. The system never changes my session / starts a new shell / whatever is supposed to happen and I never get moved to the home directory of the target user.


```
$ uname -a
FreeBSD frond 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
```

Would a restrictive ipfw setting affect this?


----------



## Chris_H (Jul 19, 2013)

OK. I guess I should have enquired a bit more. Are you at the box you're su-ing in? Or are you ssh-ing into it from another location? Have you examined login.conf(5)? I _still_ need to know what shell(s) you're working with -- both the user you're su-ing to _and_ the user you're su-ing _from_. These are especially important. Because they have a _massive_ effect on the environment(s) -- env(1).

--chris


----------



## aquilinum (Jul 19, 2013)

@Chris_H,

I can be at the system (have not tried it there), but right now I am over SSH. I have not modified login.conf nor have I modified ~/.login on either the source or the target user.

And I just figured it out. I set the user account to /usr/bin/false a long time ago. I'm so embarrassed.

Thanks Chris_H


----------



## Chris_H (Jul 19, 2013)

LOL, no worries. Stuff like that happens sometimes. Glad you were able to sort it out.

--chris


----------
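The cause found in this thread (a target account whose login shell is `/usr/bin/false`, so `su` authenticates, runs that "shell", and drops straight back to the caller's prompt) can be checked for directly. The script below is an added example, not something posted by the thread participants: the function names `login_shell_of` and `su_diagnose`, the temp-file layout, and all sample accounts other than the thread's `myusername`/`otherusername` placeholders are constructed for illustration.

```sh
#!/bin/sh
# Diagnose why `su <user>` returns straight to the caller's prompt:
# inspect the target account's login shell (field 7 of a passwd(5) line).

# Print the login shell recorded for user $1 in passwd-format file $2.
login_shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { exit !found }' "$2"
}

# Classify user $1 using passwd file $2 and shells(5)-format file $3.
# Prints one of: no-such-user | non-interactive:<shell> |
#                not-in-shells:<shell> | ok:<shell>
su_diagnose() {
    shell=$(login_shell_of "$1" "$2") || { echo "no-such-user"; return 1; }
    [ -n "$shell" ] || shell=/bin/sh   # empty field means /bin/sh per passwd(5)
    case "${shell##*/}" in
        false|nologin) echo "non-interactive:$shell"; return 1 ;;
    esac
    # Skip comment lines in the shells file; require an exact whole-line match.
    if grep -v '^#' "$3" | grep -Fxq -- "$shell"; then
        echo "ok:$shell"
    else
        echo "not-in-shells:$shell"; return 1
    fi
}

# Constructed sample data (not taken from any real system).
make_samples() {
    SAMPLE_DIR=$(mktemp -d "${TMPDIR:-/tmp}/su-diag.XXXXXX")
    cat > "$SAMPLE_DIR/passwd" <<'EOF'
myusername:*:1001:1001:Me:/home/myusername:/bin/tcsh
otherusername:*:1002:1002:Other:/home/otherusername:/usr/bin/false
svc:*:1003:1003:Service:/nonexistent:/usr/sbin/nologin
odd:*:1004:1004:Odd:/home/odd:/opt/bin/myshell
EOF
    cat > "$SAMPLE_DIR/shells" <<'EOF'
# List of acceptable shells
/bin/sh
/bin/csh
/bin/tcsh
EOF
}

make_samples
for u in myusername otherusername svc odd ghost; do
    printf '%-14s %s\n' "$u" "$(su_diagnose "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells")"
done
```

On a live host, pass `/etc/passwd` and `/etc/shells` as the second and third arguments instead of the sample files.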

