How can I force the users to login as root with 'su'?

How can I force the users to login as root with 'su'?

Post by Rodesch Gu » Fri, 18 Apr 1997 04:00:00



Hi,
I'am a novice to Solaris. I am wondering how I force the users to login
as root with 'su' utility? Is there possiblity to change the account of
root in that way.

Thanks in advance,

guy
--
+---------------------------------------------------------------+
| RODESCH Guy                       Tel.: (352) 49925 617       |
| Centre Informatique de l'Etat     Fax.: (352) 49925 750       |
| 1, rue Mercier                                                |

+---------------------------------------------------------------+

 
 
 

How can I force the users to login as root with 'su'?

Post by Lars Balker Rasmusse » Fri, 18 Apr 1997 04:00:00



> I'am a novice to Solaris. I am wondering how I force the users to login
> as root with 'su' utility? Is there possiblity to change the account of
> root in that way.

I'm not quite sure what you _don't_ want your users doing, but if they
must be able to log on as root, and you don't want them to log on the
console, change the line `CONSOLE=/dev/console' in /etc/default/login to
`CONSOLE=/dev/null'.

I find that to be a nuisance though, and would recommend sudo instead
<URL:http://www.courtesan.com/courtesan/products/sudo/>.
--
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS


 
 
 

How can I force the users to login as root with 'su'?

Post by mayer han » Sat, 19 Apr 1997 04:00:00




Quote:>Hi,
>I'am a novice to Solaris. I am wondering how I force the users to login
>as root with 'su' utility? Is there possiblity to change the account of
>root in that way.

look at /etc/default/login

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console



 
 
 

How can I force the users to login as root with 'su'?

Post by Michael Stude » Sat, 19 Apr 1997 04:00:00




> > I'am a novice to Solaris. I am wondering how I force the users to login
> > as root with 'su' utility? Is there possiblity to change the account of
> > root in that way.

> I'm not quite sure what you _don't_ want your users doing, but if they
> must be able to log on as root, and you don't want them to log on the
> console, change the line `CONSOLE=/dev/console' in /etc/default/login to
> `CONSOLE=/dev/null'.

> I find that to be a nuisance though, and would recommend sudo instead
> <URL:http://www.courtesan.com/courtesan/products/sudo/>.
> --
> Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS


Set root's shell to /usr/bin/false
They must login as themselves then su to root account.

Mike Studer

 
 
 

How can I force the users to login as root with 'su'?

Post by Alvin Sylvai » Sun, 20 Apr 1997 04:00:00





> > > I'am a novice to Solaris. I am wondering how I force the users to login
> > > as root with 'su' utility? Is there possiblity to change the account of
> > > root in that way.

> > I'm not quite sure what you _don't_ want your users doing, but if they
> > must be able to log on as root, and you don't want them to log on the
> > console, change the line `CONSOLE=/dev/console' in /etc/default/login to
> > `CONSOLE=/dev/null'.

> > I find that to be a nuisance though, and would recommend sudo instead
> > <URL:http://www.courtesan.com/courtesan/products/sudo/>.
> > --
> > Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS

> Set root's shell to /usr/bin/false
> They must login as themselves then su to root account.

Ewwww ... doesn't that make running under Single-user Maintenance
mode rather painful?

A.

 
 
 

How can I force the users to login as root with 'su'?

Post by Thomas Schmidkun » Tue, 22 Apr 1997 04:00:00


Hi Guy,
just change "CONSOLE=/dev/console" to "CONSOLE=" in
/etc/default/login. Afterwards you have to login with a "normal"
Account, then su - root. Direct logins as root will get "Not on
system console".


 
 
 

How can I force the users to login as root with 'su'?

Post by Alastair Aitke » Thu, 24 Apr 1997 04:00:00



> Hi Guy,
> just change "CONSOLE=/dev/console" to "CONSOLE=" in
> /etc/default/login. Afterwards you have to login with a "normal"
> Account, then su - root. Direct logins as root will get "Not on
> system console".

I checked my /etc/default/login and found the following:

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console

My system does not allow remote logins but only su - from another user.
I am running solars 2.5 on a
sparc server 20.  Console root logins are ok, btw.

Alastair.

 
 
 

How can I force the users to login as root with 'su'?

Post by Tony Walto » Thu, 24 Apr 1997 04:00:00




> > Hi Guy,
> > just change "CONSOLE=/dev/console" to "CONSOLE=" in
> > /etc/default/login. Afterwards you have to login with a "normal"
> > Account, then su - root. Direct logins as root will get "Not on
> > system console".

> I checked my /etc/default/login and found the following:

> # If CONSOLE is set, root can only login on that device.
> # Comment this line out to allow remote login by root.
> #
> CONSOLE=/dev/console

> My system does not allow remote logins but only su - from another user.

Makes sense.

The CONSOLE={wherever} statement in /etc/default login means

"if root tries to log in, only let them do so if they are on the device
identified as {wherever}".

By default you'd specify CONSOLE=/dev/console (meaning "if root tries to
log in, only let them log in if they are on /dev/console").

If you follow this argument further, Thomas' suggestion says

CONSOLE=

which means (essentially) "if root tries to log in, only let them log in
if the device they are trying to log in on doesn't have a name".  As a
device will *always* have a name (whether it be /dev/console or
/dev/pts/5, or whatever) root can never log in directly with this
setting (and will always have to log in as a non UID 0 user and use su).

The same applies to settings like CONSOLE=/dev/null (root's login device
will never be /dev/null !).

Personally I wouldn't recommend it.

If the CONSOLE statement doesn't appear in /etc/default/login at all (or
is commented out - same thing) then the system doesn't care which login
device root is trying to use.

Hope this makes sense!

--
Tony

My opinions may not coincide with those of Sun Microsystems at all times

 
 
 

1. What is the difference between 'login: root' and 'su -' ?

Hello,
first thank you for your effort.

Did the diff: nearly no difference till the failure point (only pid, time etc.).
Peter

--
------------------------------------------------------------------------

(Diplom-Informatiker Univ.)                   (PGP-key available)
Holzstr. 13                        WWW   :  http://www.ciselant.de
D-80469 Muenchen                   Phone :  +49 (0)89 - 69380934
------------------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. glibc version

3. Mute sound

4. Forced 'su' other than root.

5. problem with new glibc in RH 5.0???

6. 'su --login user -c command' doesn't run loggin scripts

7. Location of vprint?

8. 'failed running login shell' no non-root user login possible

9. Path as "su" doesn't equal path as root or as login user

10. How to make a function available when login remotely and 'su root'?

11. No 'su root' privileges user. How ?

12. no 'su root' privileges user. How ?