Su to root without a password

Now to start off I must say I’m not recommending that you do this, but can be good to know.

If you need to gain root privileges from a user account without a password on a system where you can’t or would prefer not to install sudo, this method could be for you.

As any FreeBSD user knows, sudo is not installed by default with the standard distro, actually a good thing in my opinion. Not forcing extra software on you, instead just letting you decide what you need.

What we are going to do is basically the same thing as this config line for sudo


Which says, any user in group ‘wheel’ can execute anything, such as a shell, without a password.

The alternative way to this in FreeBSD 5.x and newer, without sudo, is to add a rule into /etc/pam.d/su

auth		sufficient 		trust use_uid

The contents of /etc/pam.d/su should now look something like this

# auth
auth		sufficient           no_warn
auth		sufficient             no_warn
auth		requisite            no_warn group=wheel root_only fail_safe
auth		sufficient            trust use_uid
auth		include		system

# account
account		include		system

# session
session		required

Now make sure the user that requires the passwordless access is indeed in wheel. All that’s left to do now is to test by su’ing to root, it should let you right in.

To run a ‘one liner’ as root like you would with ‘sudo whoami’ you can use this command

$ su -m root -c 'whoami'

Bit more to type but it does the job.

When your done you can just disable it by removing/hash the line out of /etc/pam.d/su, no mucking about with packages or ports.

You may also like...