14

When I type the su command in a terminal I get 

 su: Authentication failure

Why doesn't this work in Ubuntu? I have tried this command in another Linux distro (Parrot OS) and it does work.

Zanna
  • 70,465
giga
  • 183

5 Answers5

25

Because in Ubuntu, by default, root has no password.

Without arguments, su means "switch user to root" and to do that you have to enter root's password, not your own. Unless you give root a password, it doesn't have one, so you can't literally log in as root.

Here's some background:

In the Unix world, there has always been a larger division between regular users and administrators, owing to the multiuser heritage of Unix. The approach taken in Unix is to grant superuser privileges only when needed. To do this, the su and sudo commands are commonly used.

Up until a few years ago, most Linux distributions relied on su for this purpose. su didn't require the configuration that sudo required, and having a root account is traditional in Unix. This introduced a problem. Users were tempted to operate as root unnecessarily. In fact, some users operated their systems as the root user exclusively, since it does away with all those annoying “permission denied” messages. This is how you reduce the security of a Linux system to that of a Windows system. Not a good idea.

When Ubuntu was introduced, its creators took a different tack. By default, Ubuntu disables logins to the root account (by failing to set a password for the account), and instead uses sudo to grant superuser privileges. The initial user account is granted full access to superuser privileges via sudo and may grant similar powers to subsequent user accounts.

~ The Linux Command Line

You can use su to switch user, if you know the password of the user to switch to, for example, I can su pixie to log in as my backup user.

Normally though, you should use sudo and your own password to authenticate, or to start a root shell, use sudo -i

Zanna
  • 70,465
  • 6
    Technically, su means "switch user" (and defaults to root.) It does not mean "super user." – MarkHu Sep 17 '16 at 00:02
  • 3
    I never said it meant super user! – Zanna Sep 17 '16 at 05:29
  • Well, technically is not that root has no password, root login is disabled. This is different. You can have an enable account where the password is literally empty (though you may have to modify the default restrictions on passwords). A disabled login will have a ! prepended to the password hash, since the representation used for the hash cannot contain !s you have that all inputs produce an invalid authentication. – Bakuriu Sep 17 '16 at 12:08
  • 2
    @Bakuriu A literally empty password is still a password. – Eliah Kagan Oct 05 '17 at 10:57
9

That is because in the other distros when installing them they usually will prompt you to set a root password as well as a user account password. Ubuntu does not ask for the root password during setup, only a user account password of a user that will have sudo access leaving the root account disabled in Ubuntu. If you want to have this enabled, set a password for the root account that will enable the root account allowing for the su command to work.

sudo passwd root

Hope this helps!

Terrance
  • 41,612
  • 7
  • 124
  • 183
5

Briefly

Root account is disabled by default in Ubuntu, hence doesn't have password set, so it causes that authentication failure

To become root in Ubuntu, you can use this

sudo -i
jiipeezz
  • 1,256
4

By default, su has no password. When you run that command, you're trying to log into the hidden root account on your machine. I'm going to assume that Parrot OS either uses the root account or sets its password to yours, because otherwise it wouldn't work.

If you want to use su, then you can run sudo passwd root and set the password you want to use to log in with su. This will also enable the root user as a full account user, however, so I don't recommend it.

Instead, when you need persistent root privileges in that shell, use sudo su. This will allow you to become root by using your own account and password. sudo -i will have the same effect (and people will recommend you use this instead).

TheWanderer
  • 19,395
  • 12
  • 50
  • 65
1

The su (super user authentication) is not configure for security and safe administration. When you install ubuntu you gets all administration access with sudo as 'fist user' [1000]. The 'root' privilege with sudo . The 'guest users' [1001,1002,1003 etc] will not be able to do super user authentication with sudo. Admin[user with 'root' privilege] need to add other 'guest user' to 'group' for superuser privileges.

You can do all suauthentication command with sudo in Ubuntu.

For other linux distributions system reads 'root user' as [500] and 'first user' as [501].

suauthentication gives you access to modify and delete any file or folder as root user.

You can login as superuser by

sudo -i

However, it is not recommended.

Rohit Tak
  • 29
  • 1
    No, su is not "super use authentication", it's "Substitute User". Check man su: "su - run a command with substitute user and group ID". Another minor nitpick: The root user has an ID of 0 on practically all UNIX-es. – András Aszódi Feb 02 '21 at 13:50