RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Secure Secure Shell
Viewed 11090 times since Fri, Aug 21, 2020
12 Linux Rsync Options in Linux Explained
Viewed 12191 times since Wed, Oct 31, 2018
Linux Add a Swap File – HowTo
Viewed 10282 times since Fri, Jun 8, 2018
Logrotate Example for Custom Logs
Viewed 2735 times since Sun, Jan 12, 2020
20 IPtables Examples For New SysAdmins
Viewed 2334 times since Fri, May 15, 2020
red hat 7 tmpfiles service
Viewed 1951 times since Thu, Oct 11, 2018
RHEL: Route network packets to go out via the same interface they came in
Viewed 3270 times since Sat, Jun 2, 2018
18 Quick ‘lsof’ command examples for Linux Geeks
Viewed 11814 times since Sun, Jun 30, 2019
Linux: Disks diagnostic using smartctl
Viewed 15284 times since Wed, Jul 25, 2018
8 Vim Tips And Tricks That Will Make You A Pro User
Viewed 3075 times since Fri, Apr 19, 2019