How to Fix “su: Sorry” Error When Switching Users in macOS Terminal


2 views

When you encounter the su: Sorry error in macOS terminal, it's because you're trying to use the wrong authentication method. Unlike Linux systems where su works by default, macOS requires specific configuration for root access.

Remember these crucial points:

sudo - Uses your current user's password (the one you set during system setup)

su - Requires the root user's password (disabled by default in macOS)

Option 1: Use sudo instead

For most administrative tasks:

sudo -i
# or
sudo su -

Option 2: Enable root user (not recommended for security reasons)

dsenableroot
# Follow prompts to set root password
# Then su will work

Apple intentionally disabled direct root access because:

  • sudo provides better auditing through /var/log/secure.log
  • Granular permissions via /etc/sudoers
  • Prevents brute force attacks on root account

For development environments, consider these safer alternatives:

# Create dedicated admin user
sudo dscl . -create /Users/devadmin
sudo dscl . -create /Users/devadmin UserShell /bin/bash
sudo dscl . -create /Users/devadmin RealName "Developer Admin"
sudo dscl . -create /Users/devadmin UniqueID 510
sudo dscl . -create /Users/devadmin PrimaryGroupID 80
sudo dscl . -create /Users/devadmin NFSHomeDirectory /Users/devadmin

If you still experience issues:

# Check sudo permissions
sudo -l

# Verify authentication database
dscl . -read /Users/root AuthenticationAuthority

# Examine system logs
log show --predicate 'process == "su"' --last 1h

When you encounter the "su: Sorry" error in macOS, it's because the root user account is disabled by default in modern macOS versions (since OS X 10.8 Mountain Lion). Unlike Linux systems where su works out of the box, macOS requires additional configuration.

$ su
Password:
su: Sorry

Your admin password works with sudo because:

  • sudo uses your admin privileges
  • It's configured in /etc/sudoers
  • Doesn't require root account activation

Method 1: Enable Root User

The most complete solution is to enable the root account:

$ sudo dscl . -passwd /Users/root
Enter new password for root:
Verify password:

Now su should work with the new root password.

Method 2: Use sudo Instead

For most tasks, sudo -i provides similar functionality:

$ sudo -i
Password: [your admin password]
#

Method 3: Single-Command Alternative

For one-off root commands:

$ sudo bash -c "whoami; id"
root
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem)

Before enabling root:

  • Root access bypasses FileVault encryption
  • Increases attack surface
  • Consider using sudo for granular control

If you still get "su: Sorry" after enabling root:

$ dsenableroot
Enter root password:
Verify password:

Check system logs for details:

$ syslog | grep -i su