Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging in and then su to root
Top Forums UNIX for Advanced & Expert Users Logging in and then su to root Post 16899 by killerserv on Friday 8th of March 2002 06:04:27 AM
Old 03-08-2002
First of all the su command can/must be used by previeleged users ie. root. Frequent change of password must be done to obtain maximum security between the server site and client side.

one way to do it is to add a script to either /etc/profile or the particular user's .profile that tests to restrict the user. Something like this in /etc/profile will work:

IAM=`who am i | cut -d" " -f1`
COUNT=`w | cut -d" " -f1 | grep "^$IAM$" | wc -l`
[ $COUNT -gt 1 ] && exit 0


Not sure whther that command works or not but one thing for suggestion. Do not disable the password. Changing the password will do (just an advise). In case of problem then your user might face some problem.
 

10 More Discussions You Might Find Interesting

1. SuSE

Logging in as root on SuSE 9.1

When I try to log on as root now all it does is load YaST. When I used to log on as root it would have a desktop and all...what has happened? Thanks in advance. (10 Replies)
Discussion started by: CTroxtell21
10 Replies

2. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

3. UNIX for Advanced & Expert Users

What change in freeBSD OS to allow root logging using ssh?

Hi everybody, ] I would like to ask just simpe and short question. I am using freeBSD 6.0 and Debian Sarge. From Debian console I can log as root using ssh to bsd mashine but not vice versa. When I say in bsd console su I got sorry output, it does not allow me to su to root when I am logged... (5 Replies)
Discussion started by: 100days
5 Replies

4. AIX

Can't login root account due to can't find root shell

Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in. I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies

5. Solaris

Prevent users logging in as root

I would like to know how to prevent users connecting to a server using SSH as root. I would still like them to be able to login with their username and then change to su. But I would like to prevent them logging in directly as root. I have searched the forum and read that I should set... (3 Replies)
Discussion started by: Sepia
3 Replies

6. HP-UX

problem in logging into root

when i am trying to login through root i am getting following error Last successful login for root: Tue Feb 3 16:44:40 IST-5:30 2009 on pts/tc Last unsuccessful login for root: Tue Feb 3 16:41:01 IST-5:30 2009 on pts/tc Please wait...checking for disk quotas crt0: ERROR couldn't open... (6 Replies)
Discussion started by: mnmca
6 Replies

7. Post Here to Contact Site Administrators and Moderators

Constant Logging In (After Logging Out)

Hi Everyone. First, I want to thank all of you for letting me participate in this great group. I am having a bit of a problem. After I get an email from a responder, I login to make my reply. In the mean time I get another response by email from another member, I go to reply to them and I... (6 Replies)
Discussion started by: Ccccc
6 Replies

8. UNIX for Dummies Questions & Answers

How to avoid logging with root user?

I have created a linux machine and installed some softwares on it with root user privileges . I used to login with root user credentials for doing the various task. Later i have realise that this is not the best practice to follow and there should be a new user with less privileges to be created... (1 Reply)
Discussion started by: pinga123
1 Replies

9. Solaris

Migration of system having UFS root FS with zones root to ZFS root FS

Hi All After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies

10. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

LEARN ABOUT LINUX

pam_securetty

PAM_SECURETTY(8)						 Linux-PAM Manual						  PAM_SECURETTY(8)

NAME

       pam_securetty - Limit root login to special devices

SYNOPSIS

       pam_securetty.so [debug]

DESCRIPTION

       pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
       /etc/securetty. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable.

       This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.

       For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.

OPTIONS

       debug
	   Print debug information.

MODULE TYPES PROVIDED

       Only the auth module type is provided.

RETURN VALUES

       PAM_SUCCESS
	   The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable
	   device.

       PAM_AUTH_ERR
	   Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the /etc/securetty file is world
	   writable or not a normal file.

       PAM_INCOMPLETE
	   An application error occurred. pam_securetty was not able to get information it required from the application that called it.

       PAM_SERVICE_ERR
	   An error occurred while the module was determining the user's name or tty, or the module could not open /etc/securetty.

       PAM_USER_UNKNOWN
	   The module could not find the user name in the /etc/passwd file to verify whether the user had a UID of 0. Therefore, the results of
	   running this module are ignored.

EXAMPLES

	   auth  required  pam_securetty.so
	   auth  required  pam_unix.so

SEE ALSO

       securetty(5), pam.conf(5), pam.d(5), pam(7)

AUTHOR

       pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.

Linux-PAM Manual						    06/04/2011							  PAM_SECURETTY(8)
All times are GMT -4. The time now is 05:41 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy