>1). I have upgraded from SunOS 4.x to Solaris 2.5.1. Under SunOS 4.x, I
>used to be able to restrict su so that only users in a certain group
>(wheel) could su to root. Is there any way of restricting su like this
>under Solaris? Users still need to be able to su to users
>other than root. Obviously, I have a password on root, but I would like
>this extra level of security.
Check ftp.wins.uva.nl:/pub/solaris for some modules that add such support.
>2). The setup at the moment only allows me to login directly as root on
>the system console. But is there a way of changing this so that even on
>the console you have to use su to become root?
(The Question isn't what you asked, but the answer is there:)
The Solaris FAQ says:
3.7) Why can't I rlogin/telnet in as root?
>... when I try to rlogin as root ...
>it gives me the message "Not on system console
>Connection closed.". What have I left out?
Solaris 2 comes out of the box a heck of a lot more secure than
Solaris 1. There is no '+' in the hosts.equiv. root logins are not
allowed anywhere except the console. All accounts require passwords.
In order to allow root logins over the net, you need to edit the
/etc/default/login file and comment out or otherwise change the
This file's CONSOLE entry can actually be used in a variety of ways:
1) CONSOLE=/dev/console (default) - direct root logins only on console
2) CONSOLE=/dev/ttya - direct root logins only on /dev/ttya
3) CONSOLE= - direct root logins disallowed everywhere
4) #CONSOLE (or delete the line) - root logins allowed everywhere
/etc/hosts.equiv is still supported, but there is no default.
--- end of excerpt from the FAQ
Questions marked with a * or + have been changed or added since
the FAQ was last posted
The most recently posted version of the FAQ is available from
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
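
Added example (not part of the original post or the FAQ): a POSIX shell check that reads a login defaults file and reports which of the four CONSOLE cases listed in the FAQ excerpt is in effect. The function name console_policy and its output strings are made up for this example, and it assumes the first uncommented CONSOLE= line is the one that takes effect.

```shell
#!/bin/sh
# Added example: classify the CONSOLE entry of a Solaris-style
# /etc/default/login file into the cases listed in the FAQ excerpt.
#
# console_policy FILE prints one of:
#   everywhere      no active CONSOLE line: direct root logins allowed everywhere
#   nowhere         "CONSOLE=" with no value: direct root logins disallowed
#   only:<device>   direct root logins only on <device>
# Assumption: the first uncommented CONSOLE= line is the effective one.
console_policy() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "unreadable"
        return 2
    fi
    # A line starting with '#' is a comment, so "#CONSOLE=..." does not match.
    if ! grep '^CONSOLE=' "$file" >/dev/null; then
        echo "everywhere"
        return 0
    fi
    # Take the value of the first active entry and trim trailing blanks.
    value=$(sed -n 's/^CONSOLE=//p' "$file" | head -n 1 | sed 's/[[:space:]]*$//')
    if [ -z "$value" ]; then
        echo "nowhere"
    else
        echo "only:$value"
    fi
}

# Demo on a constructed sample file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample of /etc/default/login
#CONSOLE=/dev/console
CONSOLE=
PASSREQ=YES
EOF
echo "sample policy: $(console_policy "$sample")"
rm -f "$sample"
```

On a real host, run `console_policy /etc/default/login`; a result of `nowhere` means root can only be reached through su, which is what question 2 asks for.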