HPE Community
Operating System - HP-UX
1833840 Members
2591 Online
110063 Solutions
New Discussion

Re: How to restrict access to root to the users

 
SOLVED
Go to solution
Carme Torca
Super Advisor

‎10-07-2007 11:05 PM

‎10-07-2007 11:05 PM

How to restrict access to root to the users

Hi,

I would like to accept or to deny users' access to root.
Is it possible?.
And another thing, how could I deny acces to root first, I want to the users connect first to one user and then do # su - root

Thanks,
Carmen.
Users are not too bad ;-)
0 Kudos
Reply
5 REPLIES 5
Robert-Jan Goossens
Honored Contributor

‎10-07-2007 11:15 PM

‎10-07-2007 11:15 PM

Re: How to restrict access to root to the users

Hi Carmen,

Setup the /etc/securetty file.

# echo console > /etc/securetty

Root can only direct login on the console.

Regards,
Robert-Jan
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎10-07-2007 11:17 PM

‎10-07-2007 11:17 PM

Re: How to restrict access to root to the users

Shalom,

/etc/securetty

Have that file say console

An entry in there will restrict login to console only. That might make administration a bit more difficult. That does not deal with su - root logins. That can be disabled with pam configuration.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ivan Krastev
Honored Contributor

‎10-08-2007 12:08 AM

‎10-08-2007 12:08 AM

Solution

Re: How to restrict access to root to the users

Set SU_ROOT_GROUP in /etc/default/security.

SU_ROOT_GROUP=group_name The root group name is set to the specified symbolic group name. The su command enforces the restriction that a non-superuser must be a member of the specified root group to be allowed to su to root. This does not alter password checking.


See doc for more details - http://docs.hp.com/en/B2355-60103/security.4.html

regards,
ivan
Reply
Patrick Wallek
Honored Contributor

‎10-08-2007 01:24 AM

‎10-08-2007 01:24 AM

Re: How to restrict access to root to the users

>>I would like to accept or to deny users'
>>access to root.
>>Is it possible?.

Yes it is possible. Don't give your users the root password. The root password should be known to a VERY LIMITED number of people.

Other than than, the /etc/securetty and SU_ROOT_GROUP suggestions above are spot on.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎10-08-2007 02:53 AM

‎10-08-2007 02:53 AM

Re: How to restrict access to root to the users

If you have to ask the first question then I seriously doubt that YOU should have root access. Having a system where many people have root access is a sure method for system destruction. The root password should be severely restricted and only a few well-qualified people (meaning they know what they are doing) should have access. If that condition is met, it largely eliminates the need for your second question although that is easily done by created an /etc/securetty file with only the entry "console".
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.