RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7

# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>

# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid

# State of these two lines can be combined in order to have one or other behaviour

# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
   PermitRootLogin yes

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd

# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
   +: root : ALL

# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
OEL 7 – How to disable IPv6 on Oracle Linux 7 – Follow Up
Viewed 9205 times since Wed, Jul 25, 2018
Jak ustawić LVM, jak robić snapshoty oraz automatycznie powiększać LV, czyli małe howto
Viewed 4270 times since Sun, May 20, 2018
An easier way to manage disk decryption at boot with Red Hat Enterprise Linux 7.5 using NBDE
Viewed 7025 times since Mon, Aug 6, 2018
Top 20 OpenSSH Server Best Security Practices - good article
Viewed 10221 times since Mon, Oct 1, 2018
Viewed 5259 times since Sat, Jun 2, 2018
RHEL: Change system’s hostname
Viewed 3178 times since Sun, May 27, 2018
Install OpenVPN On CentOS / RHEL 7
Viewed 2790 times since Fri, May 15, 2020
6 rsync Examples to Exclude Multiple Files and Directories using exclude-from
Viewed 4549 times since Wed, Oct 31, 2018
Install Security Patches or Updates Automatically on CentOS and RHEL
Viewed 1554 times since Fri, Oct 26, 2018
Get UUID of Hard Disks [Update]
Viewed 1978 times since Tue, Jul 17, 2018