9

I have the su executable with the following permissions:

bash-4.2# ls -la /bin/su -rws--s--- 1 root wheel 59930 Sep 14 2012 ./su

When I am logged in as a user, not in the wheel group and try to run su, I get an error, which is correct:

bash-4.2$ su bash: /bin/su: Permission denied

After that I add this user to wheel group from root:

bash-4.2# usermod -a -G wheel user

But for the same terminal session I still can't run su:

bash-4.2$ su bash: /bin/su: Permission denied

For the new sessions I can run su. How to allow to run su instantly after I added the user to the appropriate group?

Improve this question
1
  • 1
    Joseph's newgrp answer is correct - but it applies ONLY to the shell that you run it in, so if you have multiple shells running it's easy to forget which you've run newgrp in and which you haven't. It can be simpler/easier to just logout and login again. Commented Sep 19, 2013 at 1:45

1 Answer 1

Reset to default
11

Simply have the user run

newgrp wheel

This will start a new shell with the group ID changed to that of wheel. If you want to start a new shell and kill off the previous one, use

exec newgrp wheel

instead.

This is because the kernel still has the previous groupset associated with the currently running processes.

Improve this answer
14
  • How can I run in in graphical terminal emulator? When I run newgrp wheel as a user, it asks for some password. Even when I type root password, it says: Invalid password Commented Sep 18, 2013 at 18:09
  • @user4035 Are we by any chance talking about a networked environment with an authentication mechanism like NIS/LDAP? If that's the case, it may be that the new group associations were not properly propagated to the client machine(s) yet. Commented Sep 18, 2013 at 18:21
  • No, it's my local machine. I login as user, then run X Session, then start a terminal and run su there to switch to root. I tried to run "newgrp wheel", but it asks for some password: bash-4.2$ newgrp wheel Password: root password doesn't work Commented Sep 18, 2013 at 18:29
  • @user4035 According to the man-page this will be the password of the user - not the password for root. This is logical, since this is basically the same as a new login. Commented Sep 18, 2013 at 20:57
  • 4
    Note that this answer is inaccurate since the effect of newgrp wheel is not to let "add the user to the wheel group" to take effect, the effect is that the primary GID of the user changed which is fundamentally different - e.g. newly created files will have the new GID. Commented May 26, 2018 at 21:34

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.