The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Operating Systems > AIX
Reload this Page why I cannot login by root
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: why I cannot login by root
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #7 (permalink)  
Old 03-14-2008
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
  
 

Join Date: May 2005
Location: In the leftmost byte of /dev/kmem
Posts: 1,631
The one possibility (in the ssh config) has already been mentioned. Another possibility would be to (dis-)allow the user root the remote login directly. This is one of the user attributes: check with "lsuser" and if this shows "rlogin=false" change the attribute to "true" by "chuser -a rlogin=true root".

The notion that this poses a security risk is IMHO a misconception. By allowing root to directly login there is no auditing possible any more about who (personally) has logged in. It could be everybody with the root password. If root cannot log in directly the user would have to log in with his normal account and then use "su" to become root. Both events can be logged (/var/adm/wtmp and sulog).

Still, to have an event being auditable does not mean enhanced security by itself. It merely means you can blame it to somebody in case something goes wrong. Further, anybody with a root account could alter these logs so that they are unusable. So this is creating a false sense of security which in fact is not provided by these measures.

bakunin