03-28-2014
The root user is no regular user.
And for security issues, its not supposed (on any 'real' *nix system != *ubuntu (did suse remove that option yet?)) to login to GUI.
You might have better luck, to remove the users from admin group (adm) so they wont have permission to login root.
Further a closer inspection of /etc/passwd as already suggested seems a good idea.
You dont need to limit root, leave root's values alone, you need to limit the user!
10 More Discussions You Might Find Interesting
1. IP Networking
Hello Guys,
We are using Sco Unix 5.0
While we was changing root password from scoadmin, It did not change the password and hang in between.
Now, I am unable to login as root user
pls. do suggest me how can i skip root password and how can i goto root to change the password again.
Or if... (4 Replies)
Discussion started by: subho77
4 Replies
2. Answers to Frequently Asked Questions
We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies
3. AIX
How do I make it so user "root" can not log directly into an AIX server? I want a user to be able to SU to it but not log into it to keep a log (2 Replies)
Discussion started by: breigner
2 Replies
4. UNIX for Dummies Questions & Answers
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies
5. Solaris
Hello all,
I've a problem with root login password in Solaris.
After I installed a patch the root password became empty, so to login as root I don't have to type any password, just username: root.
I've tried the passwd command but it still doesn't work...
Does anyone knows how can I solve this?... (1 Reply)
Discussion started by: pmpx
1 Replies
6. Solaris
I want to enable root login just from one terminal machine, can i do that via /etc/default/login in console=/dev/console line ?
and if so what i have to type exactly, another question is it normal to edit the files inside defaults directly ? or i can copy it to /etc/ and edit it there and its... (3 Replies)
Discussion started by: XP_2600
3 Replies
7. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
8. HP-UX
With my SSH, my HP-UX cannot login to root. It will come out a message su: unknown id: root. But I can login by user oracle. I also cannot login to console either by using root or oracle anymore. What shall I do. (5 Replies)
Discussion started by: surizan
5 Replies
9. AIX
I can use sudo su to root from my user id through ssh. Also can change root password. However, I cannnot login by root from ssh.
Does any body know why? (10 Replies)
Discussion started by: rainbow_bean
10 Replies
10. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
SU(1) BSD General Commands Manual SU(1)
NAME
su -- substitute user identity
SYNOPSIS
su [-] [-flm] [login [args]]
DESCRIPTION
The su utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is
then executed.
PAM is used to set the policy su(1) will use. In particular, by default only users in the ``admin'' or ``wheel'' groups can switch to UID 0
(``root''). This group requirement may be changed by modifying the ``pam_group'' section of /etc/pam.d/su. See pam_group(8) for details on
how to modify this setting.
By default, the environment is unmodified with the exception of USER, HOME, and SHELL. HOME and SHELL are set to the target login's default
values. USER is set to the target login, unless the target login has a user ID of 0, in which case it is unmodified. The invoked shell is
the one belonging to the target login. This is the traditional behavior of su.
The options are as follows:
-f If the invoked shell is csh(1), this option prevents it from reading the ``.cshrc'' file.
-l Simulate a full login. The environment is discarded except for HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified as
above. USER is set to the target login. PATH is set to ``/bin:/usr/bin''. TERM is imported from your current environment. The
invoked shell is the target login's, and su will change directory to the target login's home directory.
- (no letter) The same as -l.
-m Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made. As a security precau-
tion, if the target user's shell is a non-standard shell (as defined by getusershell(3)) and the caller's real uid is non-zero, su
will fail.
The -l (or -) and -m options are mutually exclusive; the last one specified overrides any previous ones.
If the optional args are provided on the command line, they are passed to the login shell of the target login. Note that all command line
arguments before the target login name are processed by su itself, everything after the target login name gets passed to the login shell.
By default (unless the prompt is reset by a startup file) the super-user prompt is set to ``#'' to remind one of its awesome power.
ENVIRONMENT
Environment variables used by su:
HOME Default home directory of real user ID unless modified as specified above.
PATH Default search path of real user ID unless modified as specified above.
TERM Provides terminal type which may be retained for the substituted user ID.
USER The user ID is always the effective ID (the target user ID) after an su unless the user ID is 0 (root).
FILES
/etc/pam.d/su PAM configuration for su.
EXAMPLES
su man -c catman
Runs the command catman as user man. You will be asked for man's password unless your real UID is 0.
su man -c 'catman /usr/share/man /usr/local/man'
Same as above, but the target command consists of more than a single word and hence is quoted for use with the -c option being passed
to the shell. (Most shells expect the argument to -c to be a single word).
su -l foo
Simulate a login for user foo.
su - foo
Same as above.
su - Simulate a login for root.
SEE ALSO
csh(1), sh(1), group(5), passwd(5), environ(7), pam_group(8)
HISTORY
A su command appeared in Version 1 AT&T UNIX.
BSD
September 13, 2006 BSD