https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044460#M303499 put console in securetty to block direct telnet login as root<BR /><BR /># echo console &gt;&gt; /etc/securetty<BR /><BR />and add a group to the security file<BR /><BR />in /etc/default/security<BR /><BR />SU_ROOT_GROUP=mygroup<BR /><BR />then the users who you want to su as root add them to mygroup, and they will be the only ones allowed to su as root<BR /><BR /> Thu, 26 Jul 2007 11:46:34 GMT Aussan 2007-07-26T11:46:34Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044457#M303496 Hi all ,<BR />I want to know and to register the users that log on a HP9000 HPUX system , <BR />i have users that i don't want that they log as ROOT directly through telnet , i need them to log as their users and then do su - and log as root so i can identify them ,<BR />so how can i block a user to log as root directly when promt to login , <BR />note that all these connections are done through telnet or ssh , Thu, 26 Jul 2007 08:42:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044457#M303496 meekrob 2007-07-26T08:42:21Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044458#M303497 Hi,<BR /><BR />Simple answer, create the file /etc/securetty with the word console in it. Now root can only direct login from the console.<BR /><BR /># echo console &gt; /etc/securetty<BR /><BR />Regards,<BR />Robert-Jan Thu, 26 Jul 2007 09:16:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044458#M303497 Robert-Jan Goossens 2007-07-26T09:16:14Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044459#M303498 The second solution is better: download and install the sudo package. That way, users can be given SOME root privileges and will never need to know the root password. Thu, 26 Jul 2007 11:06:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044459#M303498 Bill Hassell 2007-07-26T11:06:37Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044460#M303499 put console in securetty to block direct telnet login as root<BR /><BR /># echo console &gt;&gt; /etc/securetty<BR /><BR />and add a group to the security file<BR /><BR />in /etc/default/security<BR /><BR />SU_ROOT_GROUP=mygroup<BR /><BR />then the users who you want to su as root add them to mygroup, and they will be the only ones allowed to su as root<BR /><BR /> Thu, 26 Jul 2007 11:46:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044460#M303499 Aussan 2007-07-26T11:46:34Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044461#M303500 sshd uses the configuration directive "PermitRootLogin" in sshd_config for allowing or denying root logins via ssh. You need this in addition to /etc/securetty.<BR /> Thu, 26 Jul 2007 12:15:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044461#M303500 Heironimus 2007-07-26T12:15:03Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044462#M303501 Can u tell me abt this sudo package, from which site i can get it.<BR /><BR />thnx Wed, 01 Aug 2007 09:18:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044462#M303501 Rahul Kumar Gupta 2007-08-01T09:18:35Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044463#M303502 Hi Rahul,<BR /><BR />Sudo is available for 11.11,11.23 and 11.31 from <BR /><BR /><A href="http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/" target="_blank">http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/</A><BR /><BR />Regards,<BR />Robert-Jan Wed, 01 Aug 2007 09:20:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044463#M303502 Robert-Jan Goossens 2007-08-01T09:20:39Z https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044464#M303503 For root history, we add the following in .profile so that each admin has their own history file - kind of a mini audit as well:<BR /><BR /># Set up logging<BR />HISTFILE=${HOME}/.sh_history_`who am i|awk '{ print $1}'`<BR />date &gt;&gt;$HISTFILE<BR />export HISTFILE<BR />HISTSIZE=5000<BR />export HISTSIZE<BR /><BR /><BR />Rgds...Geoff<BR /> Wed, 01 Aug 2007 12:19:24 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-log-as-root/m-p/4044464#M303503 Geoff Wild 2007-08-01T12:19:24Z