RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Fedora 32: Simple Local File-Sharing with Samba CIFS Linux
Viewed 7313 times since Sun, Dec 6, 2020
18 Quick ‘lsof’ command examples for Linux Geeks
Viewed 8827 times since Sun, Jun 30, 2019
How to schedule crontab in Unix Operating Systems
Viewed 1039 times since Fri, Jun 8, 2018
Open SSL Encrypt & Decrypt Files With Password Using OpenSSL
Viewed 3293 times since Mon, Feb 18, 2019
Epoch & Unix Timestamp Conversion Tools
Viewed 33438 times since Fri, Jun 22, 2018
RHEL: Force system to prompt for password in Single User mode
Viewed 4036 times since Sat, Jun 2, 2018
Linux RAID Mdadm Cheat Sheet
Viewed 3482 times since Fri, May 15, 2020
LVM: Mount LVM Partition(s) in Rescue Mode
Viewed 2478 times since Sat, Jun 2, 2018
BIND for the Small LAN
Viewed 2340 times since Sun, May 20, 2018
HowTo: Retrieve Email from a POP3 Server using the Command Line
Viewed 5996 times since Mon, Feb 18, 2019