RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server, regular users are not allowed to become 'root' by issuing the "su" command

# The /etc/pam.d/su file usually limits the users that can become 'root' to those belonging
# to the 'wheel' group

# So, to allow a user to become 'root', add that user to the 'wheel' group
# (-aG appends 'wheel' as a supplementary group and leaves the primary group unchanged):

usermod -aG wheel <username>


# To allow all users to become super user (root), comment out the following line in the
# /etc/pam.d/su file (while the line is uncommented, only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in the 'wheel' group to become 'root' without providing a password, uncomment
# the following line in the /etc/pam.d/su file:

   #auth           sufficient      pam_wheel.so trust use_uid


# The states (commented / uncommented) of these two lines can be combined to obtain one
# behaviour or the other



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to log in to the system via "ssh"
# To allow it, verify/modify the following files as necessary

# sshd_config: If present, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of the sshd daemon:

# RHEL 5/6: service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying these options can compromise the security of a system.
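
# Added example (not part of the original article): a read-only shell check that reports
# the current state of the settings discussed above, including which of the four
# combinations of the two pam_wheel lines is active. Function names and output labels
# are assumptions made for this example.

```shell
# Added example: read-only audit of the three files edited above.
# Function names and output labels are illustrative, not part of RHEL.

# Which pam_wheel lines are active (uncommented) in a pam.d/su file?
su_wheel_state() {
    awk '$1 == "auth" && $3 ~ /pam_wheel\.so$/ {
             if ($2 == "required") req = 1
             if ($2 == "sufficient")
                 for (i = 4; i <= NF; i++) if ($i == "trust") trust = 1
         }
         END {
             if (req && trust) print "wheel-only,no-password"
             else if (req)     print "wheel-only,password"
             else if (trust)   print "all-users,wheel-no-password"
             else              print "all-users,password"
         }' "$1"
}

# First global PermitRootLogin value (sshd uses the first value it obtains).
# "unset" means the built-in default applies; Match blocks are not evaluated.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Permission (+ or -) of the first access.conf rule whose users field names
# root or ALL. Rules with EXCEPT are skipped and origins are not evaluated.
access_root_rule() {
    awk -F: '/^[ \t]*#/ || NF < 3 || $2 ~ /EXCEPT/ { next }
             { perm = $1; gsub(/[ \t]/, "", perm)
               n = split($2, u, /[ \t]+/)
               for (i = 1; i <= n; i++) if (u[i] == "root" || u[i] == "ALL") {
                   print perm; found = 1; exit } }
             END { if (!found) print "none" }' "$1"
}

# Audit a filesystem tree; ROOT="" means the live system.
audit_root_access() {
    for f in etc/pam.d/su etc/ssh/sshd_config etc/security/access.conf; do
        [ -r "$1/$f" ] || { echo "$f: unreadable"; continue; }
        case $f in
            */su)          echo "$f: $(su_wheel_state "$1/$f")" ;;
            */sshd_config) echo "$f: $(sshd_root_login "$1/$f")" ;;
            *)             echo "$f: $(access_root_rule "$1/$f")" ;;
        esac
    done
}
audit_root_access "${1:-}"
```

# Run it without arguments to check the live system, or pass the root directory of a
# mounted image. access.conf only takes effect for services whose PAM stack loads pam_access.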