Operating System - HP-UX

Force su to gain access to root

 
SOLVED
Erik Kennedy
Occasional Contributor


I am trying to heighten security at my site, and one way that I want to do this is to force the admins to su to become root and only allow root to log in at the console instead of logging in from any terminal as root. In Solaris this is accomplished via the /etc/default/login file. How is this done in HP-UX?
The ultimate measure of a man is not during moments of comfort and convenience but during times of conflict and controversy.
Kofi ARTHIABAH
Honored Contributor

Re: Force su to gain access to root

Create a file called /etc/securetty
and specify console in it - try

# echo "console" > /etc/securetty

nothing wrong with me that a few lines of code cannot fix!
James R. Ferguson
Acclaimed Contributor

Re: Force su to gain access to root

Erik:

/etc/securetty is the file you want. Do the following:

# echo console >> /etc/securetty
# chmod 600 /etc/securetty

...JRF...
Rick Garland
Honored Contributor

Re: Force su to gain access to root

sudo is an option that allows for greater control and logging facilities. In addition to setting up the securetty file, you can have the administrators do a 'sudo su'. All other users can be prevented from doing the 'sudo su' and the sudo logs will indicate who tried, when they tried, from where they tried, and what happened. The users can be placed into specific groups with the sudoers file if they need to run certain commands as root. Detailed logging will be the result of who did what and when.

sudo can be obtained from the porting center or from www.courtesan.com.
Adi Kremer
Occasional Advisor

Re: Force su to gain access to root

The same concept works if you create /etc/securetty.

If the /etc/securetty file is present, login security is in effect.
Only user root is allowed to log in successfully on the ttys listed in
this file. Restricted ttys are listed by device name, one per line.
Valid tty names are dependent on the installation. An example is:
console
tty01
tty02
etc.

Adi
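
Added example, not part of any post in this thread: a small POSIX sh audit function for the setup described in the replies above (securetty containing only "console", one device name per line, mode 600). The function name, its return codes and the owner check (default root) are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not an HP-UX tool).
# check_securetty [file] [expected_owner]
# Returns: 0 ok | 1 file missing | 2 tty other than console listed
#          3 mode not 600 | 4 owner mismatch | 5 console not listed
check_securetty() {
    file=${1:-/etc/securetty}
    want_owner=${2:-root}

    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found" >&2
        return 1
    fi

    # The file lists one tty device name per line; skip blank lines.
    extra=$(awk 'NF && $1 != "console" { print $1 }' "$file")
    if [ -n "$extra" ]; then
        echo "FAIL: ttys other than console are listed:" $extra >&2
        return 2
    fi

    has_console=$(awk '$1 == "console" { n++ } END { print n + 0 }' "$file")
    if [ "$has_console" -eq 0 ]; then
        echo "FAIL: console is not listed in $file" >&2
        return 5
    fi

    # Parse ls -ld output instead of relying on stat(1), which is not
    # available on every Unix. Only the first 10 characters are the mode.
    mode=$(ls -ld "$file" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL: $file has mode $mode, expected -rw------- (chmod 600)" >&2
        return 3
    fi

    owner=$(ls -ld "$file" | awk '{ print $3 }')
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $file is owned by $owner, expected $want_owner" >&2
        return 4
    fi

    echo "OK: $file lists only console, mode 600, owner $owner"
    return 0
}
```

Run it as `check_securetty` with no arguments to audit /etc/securetty, or pass a copy of the file and an expected owner to try it on a test system first.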
Erik Kennedy
Occasional Contributor

Re: Force su to gain access to root

I have read about /etc/securetty and the thing that scares me is that, from what I understand, when I specify console, etc., ONLY root can log in at those terminals. I want to make it where root can only log in at the console but ensure that other logins can occur there as well. Is that possible? Thanks for the responses so far......
The ultimate measure of a man is not during moments of comfort and convenience but during times of conflict and controversy.
Rick Garland
Honored Contributor
Solution

Re: Force su to gain access to root

Yes - additional logins can occur on the console. With the securetty file you are just saying that root can only log in directly on the console. The root acct cannot log in directly anywhere else. This has no effect against the other accts using the console.
Kofi ARTHIABAH
Honored Contributor

Re: Force su to gain access to root

Erik:

That is not exactly correct. Anyone with access to the console can log in. Anyone can log in from anywhere else, but in order to become root remotely, you need to su. The securetty is what you are looking for.
nothing wrong with me that a few lines of code cannot fix!
James R. Ferguson
Acclaimed Contributor

Re: Force su to gain access to root

Erik:

Do a "man login". This is where securetty is documented. It is designed for root, so other users could still login.

...JRF...
Erik Kennedy
Occasional Contributor

Re: Force su to gain access to root

THANKS!!!!! To all of you who submitted answers I appreciate it. I feel far more secure now in implementing this as a security option!!!
The ultimate measure of a man is not during moments of comfort and convenience but during times of conflict and controversy.