
Re: Telnet and root

 
SOLVED
Stefano_65
Regular Advisor

Telnet and root

Hi everybody,
I need to deny direct access for some users (root, oracle) via telnet, and force them to log in as a different user and use su.
Logins are not restricted to specific hosts.

Any suggestions?

thanks.

s.

6 REPLIES
Robert-Jan Goossens
Honored Contributor

Re: Telnet and root

Hi Stefano,

For root it is easy.

Create a file called /etc/securetty
# echo console > /etc/securetty
# chmod 400 /etc/securetty

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x7924cbaac6dcd5118ff40090279cd0f9,00.html

Best regards,
Robert-Jan
Stefano_65
Regular Advisor

Re: Telnet and root

Ok for root access.
Now, I've a new question: I want to allow su - root only for some users. Can I do this?

Thanks again!

s.
Fred Ruffet
Honored Contributor

Re: Telnet and root

When using su, the user displayed by "who -m" is always the user who first issued telnet to the host. You can then, in root's .profile, get the result of this command and compare it to a valid user list (only readable and writable by root).

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Robert-Jan Goossens
Honored Contributor

Re: Telnet and root

Hi Stefano,

Check this doc.

How can one keep users from running the su(1) command, yet still allow
a couple of users to be able to do this?
RESOLUTION
This feature is available via the SU_ROOT_GROUP parameter on HP-UX 11.11
and HP-UX 11.00 with the following patch installed:

PHCO_15232 s700_800 11.00 su(1) cumulative patch
The current version is PHCO_16127.

http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000076457542

Hope this helps,
Robert-Jan
Michael Selvesteen_2
Trusted Contributor
Solution

Re: Telnet and root

Yes you can restrict 'su' for certain users
by specifying in

/etc/default/security

man security shows:

SU_ROOT_GROUP

This parameter defines the root group name for the su
command. Refer to su(1).

SU_ROOT_GROUP=group_name The root group name is set to
the specified symbolic group name. The su command
enforces the restriction that a non-superuser must be a
member of the specified root group to be allowed to su
to root. This does not alter password checking.

Default value: If this parameter is not defined or if
it is commented out, there is no default value. In
this case, a non superuser is allowed to su to root
without being bound by root group restrictions.


Hope this helps

--
M
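
An added example (not from any poster in this thread or from HP): POSIX shell helpers that check the two settings discussed above, /etc/securetty limited to console and SU_ROOT_GROUP in /etc/default/security, against the rule in the man page text quoted above. The group name suadmin, the users alice, bob and carol, and the function names are constructed for illustration; reading only the group file's member list is an assumption about how su resolves membership.

```shell
#!/bin/sh
# Added example: audit helpers for /etc/securetty and SU_ROOT_GROUP.
# Paths are arguments, so the functions can be run against copies of the files.

# Return 0 if the securetty file allows direct root login on the console only.
securetty_console_only() {
    [ -f "$1" ] || return 1
    awk 'NF && $0 != "console" { bad = 1 } $0 == "console" { seen = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# Print the active SU_ROOT_GROUP value; return 1 if unset or commented out.
su_root_group() {
    val=$(sed -n 's/^[[:space:]]*SU_ROOT_GROUP=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Return 0 if USER may su to root under the quoted man page rule:
# parameter unset -> no group restriction; otherwise USER must be in the group.
# Assumption: only the member list (4th field) of the group file is consulted.
may_su_root() {
    user=$1 secfile=$2 groupfile=$3
    grp=$(su_root_group "$secfile") || return 0
    awk -F: -v g="$grp" -v u="$user" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$groupfile"
}

# Constructed sample files (group "suadmin" and the user names are made up).
demo=${TMPDIR:-/tmp}/su_audit_demo.$$
mkdir "$demo"
printf 'console\n' > "$demo/securetty"
printf '#SU_ROOT_GROUP=wheel\nSU_ROOT_GROUP=suadmin\n' > "$demo/security"
printf 'suadmin::200:alice,bob\nusers::20:carol\n' > "$demo/group"
securetty_console_only "$demo/securetty" && echo "root: console login only"
for u in alice carol; do
    if may_su_root "$u" "$demo/security" "$demo/group"; then
        echo "$u: su to root allowed"
    else
        echo "$u: su to root denied"
    fi
done
rm -rf "$demo"
```

On a real host, call the functions with /etc/securetty, /etc/default/security and /etc/group; as the quoted text says, group membership does not alter password checking.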

Stefano_65
Regular Advisor

Re: Telnet and root

Thanks everybody!