HPE Community
Operating System - HP-UX
1846883 Members
3404 Online
110256 Solutions
New Discussion

Re: Direct root access

 
SOLVED
Go to solution
Prashant_15
Occasional Contributor

‎10-28-2003 08:10 AM

‎10-28-2003 08:10 AM

Direct root access

How to restrict direct root access on HP-UX?

Please reply

Thanks and regards
Prashant
0 Kudos
Reply
9 REPLIES 9
Ken Penland_1
Trusted Contributor

‎10-28-2003 08:14 AM

‎10-28-2003 08:14 AM

Solution

Re: Direct root access

vi /etc/securetty and put the word console in it by itself, this will prevent root from logging in from anywhere but the console...you can still su to root however.
'
Reply
Jeff Schussele
Honored Contributor

‎10-28-2003 08:14 AM

‎10-28-2003 08:14 AM

Re: Direct root access

Hi Prashant,

Do the following:

echo console > /etc/securetty
chown root:sys /etc/securetty
chmod 400 /etc/securetty

Now the only place that root can login from directly is the console.
If the file already exists, insure it only contains the string console

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Pramod_4
Trusted Contributor

‎10-28-2003 08:16 AM

‎10-28-2003 08:16 AM

Re: Direct root access

1) Enable /etc/securetty to restrict root to console.
2) Use sudo to avoid direct use of root account.

Pramod
Reply
Patrick Wallek
Honored Contributor

‎10-28-2003 08:22 AM

‎10-28-2003 08:22 AM

Re: Direct root access

See responses in your other question as well:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=241288
Reply
Prashant_15
Occasional Contributor

‎10-28-2003 08:32 AM

‎10-28-2003 08:32 AM

Re: Direct root access

Cheers,

Many thanks..

0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎10-28-2003 08:35 AM

‎10-28-2003 08:35 AM

Re: Direct root access

Prashant

You can also do the following

edit /etc/profile and add the following lines

loginid=`who am i | awk '{print $1}'`

echo $loginid
if [$loginid = root ]
then
exit
fi


this will exit the direct root login , however a user can login as a user and then su to root .


Manoj Srivastava
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-28-2003 12:31 PM

‎10-28-2003 12:31 PM

Re: Direct root access

Easy: change the root password and never give it out to anyone. A bit more useful: download sudo and specify the commands and parameters allowed for certain users. They will never be allowed to login as root but can perform certain restricted tasks on behalf of root.


Bill Hassell, sysadmin
0 Kudos
Reply
Wilfredo R. Castro
Occasional Advisor

‎10-28-2003 05:04 PM

‎10-28-2003 05:04 PM

Re: Direct root access

How to download the SUDO and what it does exactly?
Willie Castro
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-29-2003 12:27 AM

‎10-29-2003 12:27 AM

Re: Direct root access

The best source for HP-UX programs is found at http://hpux.connect.org.uk/ which is the Liverpool archive (there are several mirrors around the world). Essentially, you define user access in a file called sudoers which can be extensively configured for simple or complex commands and parameters. You can configure it so that the user simply types sudo in front of each command that requires root access. sudo logs everything so you can see the commands that were run. Knowledge of the root password is not needed.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.