Su or sudo don't work on fedora 28

I upgraded from Fedora 27 to 28 and I am no longer able to run sudo or su from command line, I was able to do so before upgrade, verified that my user is still part of wheel group, have tried googling for it a while but havent found any solution to this problem, any troubleshooting advice is highly appreciated

odd thing is , I cant even su to the same user with which I have logged in !,

[girish@girish ~]$ su - girish
su: Authentication failure


The only possibility I can think of is that, the user you are trying to login to, has set disabled (1) somewhere in update process!
You may want to set a (new) password for it.
For instanc $ passwd root will ask you for a new password for the root user.
If it went the expected way (i.e. you could login to root user by the new password you just set) then there shouldn’t be any problem for the rest…

(1): same as the sate of root user in later versions of Fedora

Open another terminal window and run journalctl -f in there. Then attempt su to your own user again and watch what gets written in the other terminal. The journalctl output should give you more insight on what might be wrong. You can hit Ctrl-C to stop the journalctl output.


thanks !, that showed following ,

May 25 20:57:58 girish su[26276]: pam_unix(su-l:auth): authentication failure; logname= uid=1000 euid=0 tty=pts/0 ruser=root rhost= user=girish
May 25 20:57:58 girish audit[26276]: USER_AUTH pid=26276 uid=1000 auid=0 ses=5 msg=‘op=PAM:authentication grantors=? acct=“girish” exe=“/usr/bin/su” hostname=girish addr=? terminal=pts/0 res=failed’
May 25 20:58:00 girish su[26276]: FAILED SU (to girish) root on pts/0

any suggestions what could be wrong?

Thanks, I have tried resetting the password for my user as root but no luck !

su or su -c ‘…’ is disabled with F29, I guess.
very inconvenient, indeed.
breaks all my scripts with su -c …

if you need to do root tasks use sudo -s

thanks , I am facing same problem for sudo too , the user is already part of wheel group , when I am prompted for password, it fails password validation,

[girish@girish ~]$ sudo -s ls
[sudo] password for girish: 
Sorry, try again.
[sudo] password for girish: 
Sorry, try again.
[sudo] password for girish: 
sudo: 2 incorrect password attempts

After I upgraded to Fedora 29, the problem is gone ! , thanks all for your answers

1 Like

Hello @girishbaxi. Welcome to the community! Please do take a few minutes to go over the introductory posts in #start-here when you have the time. They contain lots of useful information.

Your issue was pretty strange, like its resolution :slight_smile:
BTW it’s even better that you upgraded to Fedora 29, since Fedora 28 will be EOL very soon.

1 Like

Ah! If sudo was not working, how did you performed the upgrade? Using gnome software?

this won’t work this way.

  1. first typ: sudo -s and then the Enter key
  2. it will ask the password
  3. and then typ your command e.g. dnf install …

I have a problem that is tantilizing similar. I have been on Fedora 29 since late last year. Whenever I needed to use root commands i used su -l and typed my password followed by the ENTER key with no problems but today when I needed to run dnf I keep getting authentication failures. Now nothing has changed on my machine except for deinstalling & reinstalling printerthe option to install pending updates at boot up has not appeared since 29 was installed.

However in the last week I mostly completed the records for my FAS logon except for secure shell. This prompts me to ask whether a change in my FAS record on the server may result in corresponding changes on my clien such as switching su to use secure shell?

Well, this has been marked as a solution, but it really is not. The upgrade to Fedora 29 did something which enabled the sudo command again, but the error was somewhere else. I have been thinking about:

  • typing password with a different keyboard layout
  • some SElinux problem - could be worth trying with setenforce 0
  • incorrect rights to /etc/passwd or /etc/shadow
  • incorrectly placing the user into the wheel group
  • previously modifying the /etc/sudoers without using visudo

Anyway, you were lucky that the update fixed your situation. Enjoy Fedora.

The FAS process has probably nothing in common with your situation. The su -l command uses the root password to open a root console to run commands. This is not the same with the sudo command that only grants root privilege to a normal user.

Can you log into your system as a regular user normally? Can you use the sudo command to administer your computer? If yes, maybe the root password has been corrupted or disabled.


  • Switch to the root console using sudo -i . Does it work?
  • If so, change (or (re)create) the root password using passwd.
  • Return to the normal user console.
  • Try using the su -l command.

On my system after the install of Fedora 29 no downloaded updates have been applied since the install pending updates check box in the boot menu has not appeared. The only softare changes had to do with deinstall/reinstall of a package of EPSON printer drivers that came in a separate .rpm. This was a couple of weeks ago and then su -l allowed me to switch to root to run dnf.

In the last few days I mostly completed my FAS record with the one exception being that I did not specify secure shell. I speculate that FAS may change some settings on my client to match updates to FAS and may replace su -l with a secure shell operation.


My system is rare in thaat whatever caused the problem arrived this week.

Are you using some automated process that logs you into FAS using credentials from your computer? I believe that setting up FAS (at least the Fedora Accounts System account) is a completely independent process. Or do you mean some other FAS?

Have you tried recreating the root password and did it help? Can you use sudo to run commands?

II am not using any automated process as far as I know but would not be overly surprised to find such connections…

On my system only one thing has changed from a week ago when su -l worked to allow me to run dnf. That is the completion of my FAS record with the exception of secure shell. Because of a bug preventing install of pending updates the only install/deinstalls done were for EPSON printer support which came in their own rpm file.

When su -l does not work, it can point to some problems with the root password. The original post stated that sudo did not work either. I have asked, whether you have tried using sudo and if it worked. Can you please make sure?

Can you run sudo dnf update and does that do anything?