RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’

RHEL: Allowing users to 'su' to "root" / Allowing 'root' to login directly to the system using 'ssh'

# Tested on RHEL 5, 6 & 7


# Allowing users to "su" to 'root'
# ------------------------------------------------------------------------------------------

# On a secured server regular users are not allowed to become 'root' by issuing "su" command

# /etc/pam.d/su file usually limits users that can become 'root' to those belonging to
# 'wheel' group

# This way, to allow a user to become 'root' it should be added to 'wheel' group:

usermod -g wheel <username>


# To allow all users to become super user (root), comment out following line in
# /etc/pam.d/su file (if line is uncommented only 'wheel' users will be able to do it):

   auth            required        pam_wheel.so use_uid

# To allow users in 'wheel' group to become 'root' without providing a password uncomment
# following line in /etc/pam.d/su file

   #auth           sufficient      pam_wheel.so trust use_uid


# State of these two lines can be combined in order to have one or other behaviour



# Allowing 'root' to login directly to the system via ssh
# ------------------------------------------------------------------------------------------

# Usually, after a fresh installation, 'root' is not able to login to the system via "ssh"
# To allow, verify/modify following files as necessary

# sshd_config: If existing, change "PermitRootLogin no" to "PermitRootLogin yes"

vi /etc/ssh/sshd_config
[...]
   PermitRootLogin yes
[...]

# This change requires a restart of sshd daemon:

# RHEL 5/6:service sshd restart

# RHEL 7: systemctl restart sshd



# access.conf: Change "-: root : ALL" to "+: root : ALL"

vi /etc/security/access.conf
[...]
   +: root : ALL
[...]


# Take into account that modifying this options can compromise the security of a system.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
10 nmap Commands Every Sysadmin Should Know
Viewed 779 times since Wed, May 22, 2019
debian How to Upgrade Debian 8 Jessie to Debian 9 Stretch
Viewed 828 times since Sun, Sep 23, 2018
How to deal with dmesg timestamps
Viewed 729 times since Wed, Oct 3, 2018
Check Detailed CPU Information In Linux With CoreFreq [Advanced]
Viewed 734 times since Thu, Apr 18, 2019
Use inotify-tools on CentOS 7 or RHEL 7 to watch files and directories for events
Viewed 1125 times since Fri, Jul 27, 2018
OpenSSL: Find Out SSL Key Length – Linux Command Line
Viewed 581 times since Mon, Feb 18, 2019
RHCS6: Basic operations on clustered services
Viewed 890 times since Sun, Jun 3, 2018
Linux 16 Useful Bandwidth Monitoring Tools to Analyze Network Usage in Linux
Viewed 168 times since Mon, Sep 21, 2020
RHEL: Multipathing basics
Viewed 1499 times since Sat, Jun 2, 2018
RHEL: Manually encrypting a filesystem with LUKS
Viewed 1226 times since Sun, May 27, 2018