Restrict root use su login?

Restrict root use su login?

Post by Tom Weav » Wed, 14 Oct 1998 04:00:00





Quote:>    In AIX, how can I only allow the root login only by su?

'smit users', 'change/show characteristics of a user', specify root.

set 'another user can su to user' to true, and 'user can login' and
'user can login remotely' to false.

--
______________
Tom Weaver        (512) 838 8277, T/L 678-8277

 
 
 

Restrict root use su login?

Post by John R. Campbe » Wed, 14 Oct 1998 04:00:00





>>        In AIX, how can I only allow the root login only by su?

>'smit users', 'change/show characteristics of a user', specify root.

>set 'another user can su to user' to true, and 'user can login' and
>'user can login remotely' to false.

        This may not be that good an idea.  You can (via smit) tell
        the system WHERE root may log in (linux allows this too) by
        setting "Valid TTYs"-  If you've a tube on the system (and,
        I assume, the machine is in a physically secure location)
        /dev/lft0 is a good candidate.  If you're using an ASCII
        terminal of some kind, it'd probably be /dev/tty0, so this
        could be defined.

        The idea here is to limit root's log-in to a "physically
        secure" location.  If you're using NIS, for instance, if a
        NIS server goes down you cannot log in to an account this
        isn't present in the local /etc/passwd file.

        Of course, if the machine is NOT in a physically secure room,
        well, all bets are off.  I hope the CPU key is locked up
        (along with install media)...

--

 - As a SysAdmin, yes, I CAN read your e-mail, but I DON'T get that bored!
   Disclaimer:  All opinions expressed are those of John Campbell alone and
                do not reflect the opinions of his employer(s) or lackeys
                thereof.  Anyone who says differently is itching for a fight!

 
 
 

Restrict root use su login?

Post by Martin Glassboro » Fri, 16 Oct 1998 04:00:00






>>      In AIX, how can I only allow the root login only by su?

>'smit users', 'change/show characteristics of a user', specify root.

>set 'another user can su to user' to true, and 'user can login' and
>'user can login remotely' to false.

I would be very tempted to leave 'user can login' as true and prevent
remote logins as root, especially if the box is in a physically secure
environment.

Martin

--
Martin Glassborow

 
 
 

1. su login or using the RHS root login window

I would like to be able to login as root from another account.  I can do
so using su but linux won't let me use any programs or shell scripts
owned by root.  Furthermore when I type env under a root login
(logged in from another account) I get the other accounts information,
not roots.

2. 14.4 Gig Drive...

3. root logins & "su" to root

4. complaints in /var/adm/messages about SCSI disks and CDROM

5. differences between su root and su - root

6. xterminal CDE problem

7. su root: You do not have permission to su root ?

8. HELP: QLogic PCI SCSI install troubles...

9. Solution: differences between su root and su - root

10. want to restrict root to su only

11. Restrict su to root.

12. how to restrict who can su to root

13. restricting login to "su-only" under Solaris 2.6