RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Reserved space on a ext2/ext3/ext4 filesystem
Viewed 2742 times since Sun, May 27, 2018
zabbix linux How to solve apache error No space left on device: Cannot create SSLMutex
Viewed 213 times since Wed, Nov 11, 2020
LVM: Extend SWAP size by adding a new Logical Volume
Viewed 977 times since Sat, Jun 2, 2018
RHEL: Adding a boot entry to GRUB/GRUB2 configuration
Viewed 1521 times since Sun, May 27, 2018
tcpdump usage examples
Viewed 773 times since Fri, Jul 27, 2018
RHEL: XFS basic operations
Viewed 1902 times since Sat, Jun 2, 2018
Using etckeeper with git
Viewed 1492 times since Sun, Jun 3, 2018
RHEL: Rename a network interface on RHEL 7
Viewed 2628 times since Sat, Jun 2, 2018
How to use yum-cron to automatically update RHEL/CentOS Linux
Viewed 669 times since Wed, Oct 17, 2018
Easily Monitor CPU Utilization in Linux Terminal With Stress Terminal UI
Viewed 1153 times since Thu, Apr 18, 2019