RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’
Article Number: 132 | Rating: Unrated | Last Updated: Sat, Jun 2, 2018 8:56 AM
RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'
# Tested on RHEL 5, 6 & 7
# RHEL 5/6:service sshd restart# Allowing users to "su" to 'root' # ------------------------------------------------------------------------------------------ # On a secured server regular users are not allowed to become 'root' by issuing "su" command # /etc/pam.d/su file usually limits users that can become 'root' to those belonging to # 'wheel' group # This way, to allow a user to become 'root' it should be added to 'wheel' group: usermod -g wheel <username> # To allow all users to become super user (root), comment out following line in # /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it): auth required pam_wheel.so use_uid # To allow users in 'wheel' group to become 'root' without providing a password uncomment # following line in /etc/pam.d/su file #auth sufficient pam_wheel.so trust use_uid # State of these two lines can be combined in order to have one or other behaviour # Allowing 'root' to login directly to the system via ssh # ------------------------------------------------------------------------------------------ # Usually, after a fresh installation, 'root' is not able to login to the system via "ssh" # To allow, verify/modify following files as necessary # sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes" vi /etc/ssh/sshd_config [...] PermitRootLogin yes [...] # This change requires a restart of sshd daemon: # RHEL 7: systemctl restart sshd # access.conf: Change "-: root : ALL" to "+: root : ALL" vi /etc/security/access.conf [...] +: root : ALL [...] # Take into account that modifying this options can compromise the security of a system. |