Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Prevent users logging in as root
Operating Systems Solaris Prevent users logging in as root Post 302202635 by Sepia on Thursday 5th of June 2008 10:49:37 AM
Old 06-05-2008
Prevent users logging in as root
I would like to know how to prevent users connecting to a server using SSH as root.

I would still like them to be able to login with their username and then change to su.

But I would like to prevent them logging in directly as root.

I have searched the forum and read that I should set PermitRootLogin to no.

I am using Solaris 10 and have opened 'sshd_config' to find the line 'PermitRootLogin' which is already set to 'no' but I can log in as username root.

Any ideas?

Thanks
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Prevent root login directly

Hi How can I prevent anyone from logging in as root directly? I have added the line console=/dev/null to the file /etc/default/login I was still able to login as root from the console. Please advice. Thanks Srini (4 Replies)
Discussion started by: skotapal
4 Replies

2. UNIX for Dummies Questions & Answers

How to prevent root users from editing files (logs)

How to prevent root users from editing files (logs)? Is there any way? (4 Replies)
Discussion started by: vehchi
4 Replies

3. AIX

Locking a file when using VI to prevent multiple-edit sessions by diff users

At the office, we often have to edit one file with VI. We are 4-6 workers doing it and sometimes can be done at the same time. We have found a problem and want to prevent it with a file lock. Is it possible and how ? problem : Worker-a starts edit VI session on File-A at 1PM Worker-b... (14 Replies)
Discussion started by: Browser_ice
14 Replies

4. AIX

Logging off users

What is the best way to logoff users from my Unix system? I have done a search and found that you can do a w or who - find who is on, and ps-ef | grep <user> and kill their processes. But what if you have a bunch of users and you need them off the system quickly? Killing individual processes... (1 Reply)
Discussion started by: outtacontrol
1 Replies

5. UNIX for Advanced & Expert Users

How to prevent local root from su to an NIS user?

We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do % useradd -u <uid> login And then log in as that user and have full access to his files in his home directory. ... (3 Replies)
Discussion started by: nfw
3 Replies

6. Shell Programming and Scripting

Logging out users

Hi, How do force users to log off Unix through shell? (2 Replies)
Discussion started by: Wahmed9
2 Replies

7. Shell Programming and Scripting

How to prevent a shell script from copy or read from Users

I have a script which do validation check and perform code migration from one env. to another, this is built for users/developers. How can I prevent this shell script from copy or read from users, as they can modify it and run it as per their requirement where as this has to be standard script and... (1 Reply)
Discussion started by: pramendra
1 Replies

8. Solaris

How can i prevent logging user1 from console?

Dear all, i have two users user1 and user2 i want force user1 to login first by user2 and then su - user1 i want to prevent logging user1 from console directly (5 Replies)
Discussion started by: maxim42
5 Replies

9. Shell Programming and Scripting

Find users with root UID or GID or root home

I need to list users in /etc/passwd with root's GID or UID or /root as home directory If we have these entries in /etc/passwd root:x:0:0:root:/root:/bin/bash rootgooduser1:x:100:100::/home/gooduser1:/bin/bash baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies

10. OS X (Apple)

Does there exist a UNIX command to prevent docs' versions from uncontrolled erasing on logging in?

So far nobody on ASC, nor anywhere was able to respond to my issue and Google wasn't much of help either. I started to experience the issue some time ago: my OS is Lion 10.7.5. It occurs in all apps that have the function of versioning (iWork which I have updated up to v9.2, namely, Pages 4.2,... (0 Replies)
Discussion started by: scrutinizerix
0 Replies

LEARN ABOUT PHP

pam_nologin

PAM_NOLOGIN(8)							 Linux-PAM Manual						    PAM_NOLOGIN(8)

NAME

       pam_nologin - Prevent non-root users from login

SYNOPSIS

       pam_nologin.so [file=/path/nologin] [successok]

DESCRIPTION

       pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of
       the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in.

OPTIONS

       file=/path/nologin
	   Use this file instead the default /var/run/nologin or /etc/nologin.

       successok
	   Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.

MODULE TYPES PROVIDED

       The auth and acct module types are provided.

RETURN VALUES

       PAM_AUTH_ERR
	   The user is not root and /etc/nologin exists, so the user is not permitted to log in.

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_IGNORE
	   This is the default return value.

       PAM_SUCCESS
	   Success: either the user is root or the nologin file does not exist.

       PAM_USER_UNKNOWN
	   User not known to the underlying authentication module.

EXAMPLES

       The suggested usage for /etc/pam.d/login is:

	   auth  required  pam_nologin.so

NOTES

       In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any
       sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return
       PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin
       module succeeded.

SEE ALSO

       nologin(5), pam.conf(5), pam.d(5), pam(7)

AUTHOR

       pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>.

Linux-PAM Manual						    09/19/2013							    PAM_NOLOGIN(8)
All times are GMT -4. The time now is 03:37 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy