
Re: User log as Root

 
SOLVED
meekrob
Super Advisor

User log as Root

Hi all,
I want to know and to register the users that log on to an HP9000 HPUX system.
I have users that I don't want to log in as ROOT directly through telnet. I need them to log in as their own users and then do su - to become root, so I can identify them.
So how can I block a user from logging in as root directly when prompted to log in?
Note that all these connections are done through telnet or ssh.
7 REPLIES
Robert-Jan Goossens
Honored Contributor

Re: User log as Root

Hi,

Simple answer: create the file /etc/securetty with the word console in it. Now root can only log in directly from the console.

# echo console > /etc/securetty

Regards,
Robert-Jan
Bill Hassell
Honored Contributor

Re: User log as Root

The second solution is better: download and install the sudo package. That way, users can be given SOME root privileges and will never need to know the root password.


Bill Hassell, sysadmin
Aussan
Respected Contributor
Solution

Re: User log as Root

Put console in securetty to block direct telnet login as root:

# echo console >> /etc/securetty

And add a group to the security file.

In /etc/default/security:

SU_ROOT_GROUP=mygroup

Then add the users who you want to su as root to mygroup, and they will be the only ones allowed to su as root.

The tongue weighs practically nothing, but so few people can hold it
Heironimus
Honored Contributor

Re: User log as Root

sshd uses the configuration directive "PermitRootLogin" in sshd_config for allowing or denying root logins via ssh. You need this in addition to /etc/securetty.
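
Added example, not part of any post in this thread: a POSIX shell check covering the three settings the replies above name (/etc/securetty, SU_ROOT_GROUP and PermitRootLogin). The function names, the ROOT_PREFIX argument and the default sshd_config path /opt/ssh/etc/sshd_config are assumptions, and the sample tree is constructed.

```sh
# Added example: audit the three root-login settings discussed in this thread.
# usage: audit_root_login [ROOT_PREFIX] [SSHD_CONFIG]
# ROOT_PREFIX points at a copy of the files; empty means the live system.
# Assumption: sshd reads /opt/ssh/etc/sshd_config; pass the real path otherwise.
audit_root_login() {
    root=${1:-}
    sshd_cfg=${2:-$root/opt/ssh/etc/sshd_config}
    fails=0

    # 1. /etc/securetty should exist and name only "console".
    f=$root/etc/securetty
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing"; fails=$((fails + 1))
    elif awk 'NF && $1 != "console" { bad = 1 }
              $1 == "console" { ok = 1 }
              END { exit !(ok && !bad) }' "$f"; then
        echo "OK:   $f names only console"
    else
        echo "FAIL: $f is not console-only"; fails=$((fails + 1))
    fi

    # 2. /etc/default/security should carry an uncommented SU_ROOT_GROUP=<group>.
    f=$root/etc/default/security
    grp=$(awk -F= '$1 == "SU_ROOT_GROUP" && $2 != "" { g = $2 } END { print g }' "$f" 2>/dev/null)
    if [ -n "$grp" ]; then
        echo "OK:   su to root limited to group $grp"
    else
        echo "FAIL: SU_ROOT_GROUP not set in $f"; fails=$((fails + 1))
    fi

    # 3. sshd uses the first PermitRootLogin it reads (Match blocks not evaluated here).
    val=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$sshd_cfg" 2>/dev/null)
    if [ "$val" = "no" ]; then
        echo "OK:   PermitRootLogin no"
    else
        echo "FAIL: PermitRootLogin is '${val:-unset}' in $sshd_cfg"; fails=$((fails + 1))
    fi
    return "$fails"   # exit status = number of failed checks
}

# Constructed sample tree with the thread's settings applied, for an offline run.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/default" "$d/opt/ssh/etc"
    echo console > "$d/etc/securetty"
    echo "SU_ROOT_GROUP=mygroup" > "$d/etc/default/security"
    echo "PermitRootLogin no" > "$d/opt/ssh/etc/sshd_config"
    echo "$d"
}
```

Run `audit_root_login "$(make_sample)"` to try it against the constructed tree, or `audit_root_login` with no arguments to check the live files.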
Rahul Kumar Gupta
Trusted Contributor

Re: User log as Root

Can you tell me about this sudo package, and from which site I can get it?

Thanks
Robert-Jan Goossens
Honored Contributor

Re: User log as Root

Hi Rahul,

Sudo is available for 11.11, 11.23 and 11.31 from

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/

Regards,
Robert-Jan
Geoff Wild
Honored Contributor

Re: User log as Root

For root history, we add the following in .profile so that each admin has their own history file - kind of a mini audit as well:

# Set up logging
HISTFILE=${HOME}/.sh_history_`who am i|awk '{ print $1}'`
date >>$HISTFILE
export HISTFILE
HISTSIZE=5000
export HISTSIZE


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.