RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Easily Monitor CPU Utilization in Linux Terminal With Stress Terminal UI
Viewed 4103 times since Thu, Apr 18, 2019
How to run command or code in parallel in bash shell under Linux or Unix
Viewed 3267 times since Tue, Aug 6, 2019
ZFS: Snapshots and clones on zfs filesystems
Viewed 3120 times since Sun, Jun 3, 2018
Open SSL Encrypt & Decrypt Files With Password Using OpenSSL
Viewed 8272 times since Mon, Feb 18, 2019
OpenSSL: Check SSL Certificate Expiration Date and More
Viewed 6843 times since Mon, Feb 18, 2019
LUKS dm-crypt/Device encryption GUIDE
Viewed 2308 times since Fri, Jul 13, 2018
tcpdump
Viewed 9116 times since Fri, Jul 27, 2018
LVM: Reduce an existing Logical Volume / Filesystem
Viewed 3580 times since Sat, Jun 2, 2018
Need to set up yum repository for locally-mounted DVD on Red Hat Enterprise Linux 7
Viewed 3172 times since Mon, Oct 29, 2018
Procedura powiekszania OCFS2 online
Viewed 5474 times since Fri, Jun 8, 2018