diff --git a/doc/misc/tramp.texi b/doc/misc/tramp.texi
index 5ce41091048..7b3a4808a45 100644
--- a/doc/misc/tramp.texi
+++ b/doc/misc/tramp.texi
@@ -852,12 +852,20 @@ as the @option{rsh} method.
 @cindex method @option{su}
 @cindex @option{su} method
 @item @option{su}
+@cindex method @option{surs}
+@cindex @option{surs} method
+@item @option{surs}
 
 Instead of connecting to a remote host, @command{su} program allows
 editing as another user.  The host can be either @samp{localhost} or
 the host returned by the function @command{(system-name)}.
 @xref{Multi-hops}, for an exception to this behavior.
 
+Method @option{surs} is the same like method @option{su}, but it uses
+the modern @command{su-rs} program.  It can be used instead wherever
+method @option{su} is mentioned in this manual.  @option{surs} is an
+optional method, @pxref{Optional methods}.
+
 @cindex method @option{androidsu}
 @cindex @option{androidsu} method
 @item @option{androidsu}
@@ -876,6 +884,9 @@ default on @code{android} systems only.
 @cindex method @option{sudo}
 @cindex @option{sudo} method
 @item @option{sudo}
+@cindex method @option{sudors}
+@cindex @option{sudors} method
+@item @option{sudors}
 
 Similar to @option{su} method, @option{sudo} uses @command{sudo}.
 @command{sudo} must have sufficient rights to start a shell.
@@ -884,6 +895,11 @@ For security reasons, a @option{sudo} connection is disabled after a
 predefined timeout (5 minutes by default).  This can be changed,
 @pxref{Predefined connection information}.
 
+Method @option{sudors} is the same like method @option{sudo}, but it
+uses the modern @command{sudo-rs} program.  It can be used instead
+wherever method @option{sudo} is mentioned in this manual.
+@option{sudors} is an optional method, @pxref{Optional methods}.
+
 @cindex method @option{doas}
 @cindex @option{doas} method
 @item @option{doas}
diff --git a/etc/NEWS b/etc/NEWS
index 4e27d6fc44e..0b8d624d923 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -327,13 +327,13 @@ deleted implicitly by functions like 'kill-buffer', 'bury-buffer' and
 +++
 *** Buffer-local window change functions run in their buffers now.
 Running the buffer-local version of each of the abnormal hooks
-'window-buffer-change-functions', 'window-size-change-functions'
+'window-buffer-change-functions', 'window-size-change-functions',
 'window-selection-change-functions' and 'window-state-change-functions'
 will make the respective buffer temporarily current for running the
-hook.'
+hook.
 
 +++
-*** 'window-buffer-change-functions' is run for removed buffer too.
+*** 'window-buffer-change-functions' is run for removed buffers too.
 The buffer-local version of 'window-buffer-change-functions' may be run
 twice now: Once for the buffer removed from the respective window and
 once for the buffer now shown in that window.
@@ -1882,6 +1882,11 @@ default, "sudo".
 +++
 *** 'tramp-file-name-with-method' can now be set as connection-local variable.
 
++++
+*** New optional connection methods "surs" and "sudors".
+These connection methods are similar to "su" and "sudo", but they use
+the modern 'su-rs' and 'sudo-rs' commands.
+
 +++
 *** Connection method "kubernetes" supports now optional namespace.
 The host name for Kubernetes connections can be of kind
@@ -3320,10 +3325,10 @@ The column number is no longer available; the line number will be
 removed in next Emacs release.
 
 +++
-** defvar-keymap can now take a ':prefix t' option.
+** 'defvar-keymap' can now take a ':prefix t' option.
 This is an abbreviation for using the name of the keymap as the prefix
-command name.  E.g. (defvar-keymap foo-map :prefix t) is equivalent to
-(defvar-keymap foo-map :prefix 'foo-map).
+command name.  E.g., '(defvar-keymap foo-map :prefix t)' is equivalent
+to '(defvar-keymap foo-map :prefix 'foo-map)'.
 
 
 * Changes in Emacs 31.1 on Non-Free Operating Systems
diff --git a/lisp/comint.el b/lisp/comint.el
index c7315a90181..b7c609ed469 100644
--- a/lisp/comint.el
+++ b/lisp/comint.el
@@ -408,7 +408,8 @@ This variable is buffer-local."
       "Vault" "SSH" "BECOME"
       "Enter Auth" "enter auth" "Old" "old" "New" "new" "login"
       "Kerberos" "CVS" "UNIX" " SMB" "LDAP" "PEM" "SUDO"
-      "[sudo]" "doas" "Repeat" "Bad" "Retype" "Verify")
+      "[sudo]" "[sudo: authenticate]" "[su: authenticate]"
+      "doas" "Repeat" "Bad" "Retype" "Verify")
     t)
    ;; Allow for user name to precede password equivalent (Bug#31075).
    " +.*\\)"
diff --git a/lisp/net/tramp-cmds.el b/lisp/net/tramp-cmds.el
index 6042209d4f0..a4f74383325 100644
--- a/lisp/net/tramp-cmds.el
+++ b/lisp/net/tramp-cmds.el
@@ -631,9 +631,9 @@ For details, see `tramp-rename-files'."
 (defcustom tramp-file-name-with-method "sudo"
   "Which method to be used in `tramp-file-name-with-sudo'."
   :group 'tramp
-  :version "30.1"
-  :type '(choice (const "su")
-		 (const "sudo")
+  :version "31.1"
+  :type '(choice (const "su") (const "surs")
+		 (const "sudo") (const "sudors")
 		 (const "doas")
 		 (const "run0")
 		 (const "ksu"))
diff --git a/lisp/net/tramp-sh.el b/lisp/net/tramp-sh.el
index 8922adb7586..98e3cae5a79 100644
--- a/lisp/net/tramp-sh.el
+++ b/lisp/net/tramp-sh.el
@@ -521,6 +521,42 @@ The string is used in `tramp-methods'.")
 
   (tramp-set-completion-function "nc" tramp-completion-function-alist-telnet))
 
+;;;###tramp-autoload
+(defun tramp-enable-surs-method ()
+  "Enable \"surs\" method."
+  (add-to-list 'tramp-methods
+               `("surs"
+                 (tramp-login-program        "su-rs")
+                 (tramp-login-args           (("-") ("%u")))
+                 (tramp-remote-shell         ,tramp-default-remote-shell)
+                 (tramp-remote-shell-login   ("-l"))
+                 (tramp-remote-shell-args    ("-c"))
+                 (tramp-connection-timeout   10)))
+
+  (add-to-list 'tramp-default-user-alist
+	       `(,(rx bos "surs" eos) nil ,tramp-root-id-string))
+
+  (tramp-set-completion-function "surs" tramp-completion-function-alist-su))
+
+;;;###tramp-autoload
+(defun tramp-enable-sudors-method ()
+  "Enable \"sudors\" method."
+  (add-to-list 'tramp-methods
+               `("sudors"
+                 (tramp-login-program        "sudo-rs")
+                 (tramp-login-args           (("-u" "%u") ("-s") ("%l")))
+                 (tramp-remote-shell         ,tramp-default-remote-shell)
+                 (tramp-remote-shell-login   ("-l"))
+                 (tramp-remote-shell-args    ("-c"))
+                 (tramp-connection-timeout   10)
+                 (tramp-session-timeout      300)
+		 (tramp-password-previous-hop t)))
+
+  (add-to-list 'tramp-default-user-alist
+	       `(,(rx bos "sudors" eos) nil ,tramp-root-id-string))
+
+  (tramp-set-completion-function "sudors" tramp-completion-function-alist-su))
+
 ;;;###tramp-autoload
 (defun tramp-enable-run0-method ()
   "Enable \"run0\" method."
@@ -2964,7 +3000,10 @@ the result will be a local, non-Tramp, file name."
 	    ;; use a user name from the config file.
 	    (when (and (tramp-string-empty-or-nil-p uname)
 		       (string-match-p
-			(rx bos (| "su" "sudo" "doas" "run0" "ksu") eos) method))
+			(rx bos
+			    (| "su" "surs" "sudo" "sudors" "doas" "run0" "ksu")
+			    eos)
+			method))
 	      (setq uname user))
 	    (when (setq hname (tramp-get-home-directory v uname))
 	      (setq localname (concat hname fname)))))
diff --git a/lisp/net/tramp.el b/lisp/net/tramp.el
index 546ffa5d638..ec57aca0568 100644
--- a/lisp/net/tramp.el
+++ b/lisp/net/tramp.el
@@ -418,12 +418,12 @@ Notes:
 All these arguments can be overwritten by connection properties.
 See Info node `(tramp) Predefined connection information'.
 
-When using `su', `sudo' or `doas' the phrase \"open connection to
-a remote host\" sounds strange, but it is used nevertheless, for
-consistency.  No connection is opened to a remote host, but `su',
-`sudo' or `doas' is started on the local host.  You should
-specify a remote host `localhost' or the name of the local host.
-Another host name is useful only in combination with
+When using `su', `surs', `sg', `sudo', `sudors', `doas', `run0' or `ksu'
+the phrase \"open connection to a remote host\" sounds strange, but it
+is used nevertheless, for consistency.  No connection is opened to a
+remote host, but the respective command is started on the local host.
+You should specify a remote host `localhost' or the name of the local
+host.  Another host name is useful only in combination with
 `tramp-default-proxies-alist'.")
 
 (defcustom tramp-default-method
@@ -5239,10 +5239,11 @@ Do not set it manually, it is used buffer-local in `tramp-get-lock-pid'.")
 	     vec "Method `%s' is not supported for multi-hops"
 	     (tramp-file-name-method item)))))
 
-      ;; Some methods ("su", "sg", "sudo", "doas", "run0", "ksu") do
-      ;; not use the host name in their command template.  In this
-      ;; case, the remote file name must use either a local host name
-      ;; (first hop), or a host name matching the previous hop.
+      ;; Some methods ("su", "surs", "sg", "sudo", "sudors", "doas",
+      ;; "run0", "ksu") do not use the host name in their command
+      ;; template.  In this case, the remote file name must use either
+      ;; a local host name (first hop), or a host name matching the
+      ;; previous hop.
       (let ((previous-host (or tramp-local-host-regexp "")))
 	(setq choices target-alist)
 	(while (setq item (pop choices))
diff --git a/test/lisp/comint-tests.el b/test/lisp/comint-tests.el
index d981aad7198..0ae5daa70ca 100644
--- a/test/lisp/comint-tests.el
+++ b/test/lisp/comint-tests.el
@@ -38,6 +38,8 @@
     "Enter your password: "             ; python3 -m twine ... Bug#37636
     "Passphrase for key root@GNU.ORG: " ; plink
     "[sudo] password for user:" ; Ubuntu sudo
+    "[sudo: authenticate] Password:" ; sudo-rs
+    "[su: authenticate] Password:" ; su-rs
     "[sudo] user 的密码：" ; localized
     "doas (user@host) password:" ; OpenBSD doas
     "PIN for user:"        ; Bug#35523