RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Rebuilding the initial ramdisk image
Viewed 6187 times since Sat, Jun 2, 2018
RHEL: Bonding network interfaces
Viewed 3252 times since Sat, Jun 2, 2018
Top 20 OpenSSH Server Best Security Practices - good article
Viewed 9990 times since Mon, Oct 1, 2018
RHCS: Configure an active/backup pacemaker cluster
Viewed 8481 times since Sun, Jun 3, 2018
3 Ways to Check Linux Kernel Version in Command Line
Viewed 10960 times since Fri, Apr 19, 2019
Terminal based "The Matrix" like implementation
Viewed 1768 times since Thu, Apr 18, 2019
Open SSL HowTo: Decode SSL Certificate
Viewed 5669 times since Mon, Feb 18, 2019
How log rotation works with logrotate
Viewed 4356 times since Fri, Nov 30, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 2119 times since Sat, Jun 2, 2018
Szybkie sprawdzenie zewnętrznego adresu IP i hosta
Viewed 2969 times since Thu, May 24, 2018