Software & AppsOperating SystemLinux

Why am I getting “Authentication failure” with the “su” command?

July 28, 2023
Ubuntu 11

In the world of Unix and Linux, the su command is a powerful tool that allows users to switch to another user account on the same system. However, it can be quite frustrating when you encounter an “Authentication failure” message while using this command. This article will delve into the possible reasons for this issue and how to resolve them.

Quick Answer

If you are getting an "Authentication failure" with the "su" command, it could be due to one of the following reasons: no root password set, root account disabled or password not set, missing setuid bit on /bin/su, or user’s entry missing in /etc/shadow. To resolve this issue, you can use the "sudo" command instead of "su" or check and fix the specific cause mentioned in the article.

Table of Contents
  1. Understanding the su Command
  2. Common Causes of “Authentication failure” with su
  3. Conclusion

Understanding the su Command

Before we get into the reasons for the authentication failure, it’s important to understand what the su command does. The su command, short for “substitute user” or “switch user”, allows you to change to a different user account without logging out and back in. You can use it in the following way:

su - [username]

In this command, [username] is the account you want to switch to. If you run su without specifying a username, it will default to the root user.

Common Causes of “Authentication failure” with su

1. No Root Password Set

One of the most common reasons for an “Authentication failure” message is that there is no root password set. By default, Ubuntu and some other Linux distributions do not set a root password during installation. This means that you cannot switch to the root user using su.

Instead, these systems use the sudo command, which stands for “superuser do”. This command allows you to execute commands with administrative privileges using your own password. To get a root shell, you can use the following command:

sudo -i

The -i (simulate initial login) option runs the shell specified in the root user’s password database entry as a login shell. This means that login-specific resource files are read by the shell.

2. Root Account Disabled or Password Not Set

In some cases, the root account may be disabled or the password may not be set. This is another reason why you may get an “Authentication failure” message when using su. Again, the solution here is to use sudo to run commands as root.

3. Missing setuid Bit on /bin/su

The setuid bit is a permission bit that allows the user to run the file with the permissions of the file owner. If this bit is missing from the /bin/su file, you may get an “Authentication failure” message. You can check if the setuid bit is set using the following command:

ls -l /bin/su

If the setuid bit is set, you will see an “s” in the permission string. If it is not set, you will see an “x”. To fix this, you can set the setuid bit using the following command:

sudo chmod u+s /bin/su

In this command, chmod changes the permissions of files or directories. The u+s option sets the setuid bit.

4. User’s Entry Missing in /etc/shadow

The /etc/shadow file stores actual password in encrypted format for user’s account with additional properties related to user password. If a user’s entry is missing in this file, it can cause authentication failures.

To add the missing entry, you will need to edit the /etc/shadow file. However, this should be done with caution, as incorrect changes can cause serious system issues. It is recommended to backup the file before making any changes.

Conclusion

In conclusion, there are several reasons why you may get an “Authentication failure” message when using the su command. Understanding these reasons and knowing how to resolve them can help you use the su command effectively. Remember, the sudo command is the preferred method for running commands as root in many Linux distributions.

What is the difference between `su` and `sudo`?

The su command allows you to switch to another user account, including the root user, while the sudo command allows you to run a command with administrative privileges. The main difference is that su requires the password of the target user, while sudo requires your own password.

How do I switch to the root user using `sudo`?

To switch to the root user using sudo, you can use the following command: sudo -i. This will give you a root shell, allowing you to execute commands with administrative privileges.

Can I use `su` to switch to any user account?

Yes, you can use su to switch to any user account on the system, as long as you have the password for that account. However, keep in mind that switching to another user account may require administrative privileges.

How can I check if the setuid bit is set for `/bin/su`?

You can check if the setuid bit is set for /bin/su by running the following command: ls -l /bin/su. If the setuid bit is set, you will see an "s" in the permission string. If it is not set, you will see an "x".

What should I do if a user’s entry is missing in `/etc/shadow`?

If a user’s entry is missing in the /etc/shadow file, you will need to add the missing entry. However, editing this file should be done with caution, as incorrect changes can cause serious system issues. It is recommended to backup the file before making any changes.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Avatar photo
Brent CohenAuthor

Brent is a writer for DeviceTests, where he specializes in PC components, PC accessories and gadgets. He’s also written for various other publications on gaming consoles, smartphones and laptops.

Related Posts
Ubuntu 18
How To Access Ubuntu Server in VirtualBox from Outside?
July 19, 2023
Ubuntu 1
How To Fix Random Crashes in LibreOffice?
July 19, 2023
Ubuntu 4
How To Change Cursor on Ubuntu 18.04
July 22, 2023