AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
 View Only

  • 1.  How to stop su from root

    Posted Wed May 15, 2013 07:49 AM

    Originally posted by: rathorehemant


    How can I restrict (by throwing a password) if he is logging my account from root user using su,


    #AIX-Forum


  • 2.  Re: How to stop su from root

    Posted Wed May 15, 2013 11:26 AM

    Originally posted by: GarlandJoseph


    You can't restrict root.


    #AIX-Forum


  • 3.  Re: How to stop su from root

    Posted Wed May 15, 2013 12:38 PM

    Originally posted by: gcorneau


    You can disable root if using RBAC:

    http://pic.dhe.ibm.com/infocenter/aix/v7r1/topic/com.ibm.aix.security/doc/security/rbac_disable_root.htm


    #AIX-Forum


  • 4.  Re: How to stop su from root

    Posted Thu May 16, 2013 02:16 PM

    Originally posted by: biblio93


    It's very simply

    Edit the file /etc/ssh/sshd_config

    modify the line

    PermitRootLogin to no

    Stops service by:

    stopsrc -s sshd

    startsrc -s sshd

    vérify the status of the service sshd

    lssrc -a | grep ssh

    sshd --> active

     


    #AIX-Forum


  • 5.  Re: How to stop su from root

    Posted Fri May 17, 2013 01:05 PM

    Originally posted by: biblio93


    Sory for my first response ( ssh)

     

    Since you are on a AIX you can simply in smitty user choose no in "can other users su user".

     

    command chuser

    subcommand of chuser for user root

    su Indicates whether another user can switch to the specified user account with the su command. Possible values are:

     

     

    true
    Another user can switch to the specified account. This is the default.
    false
    Another user cannot switch to the specified account.

    #AIX-Forum


  • 6.  Re: How to stop su from root

    Posted Sat May 18, 2013 07:20 PM

    Originally posted by: dukessd


    ...and then root can simply change it back to true.

    Root has the system, as a mere user you cannot escape from root in AIX.

    HTH


    #AIX-Forum


  • 7.  Re: How to stop su from root

    Posted Sun May 19, 2013 03:49 AM

    Originally posted by: biblio93


    if you feel that the root account can not log on to your user.
    What to do if you have a problem on your account.
    root is the adminitration user of UNIX
    At least put in place eg eTrust (product sales) very complicated to implement and administer , or rbac

    you'll spend more time managing your account and machines (through rbac) or implement C2 security
    Good luck in case of access or application problem through your account

     

     

     


    #AIX-Forum


  • 8.  Re: How to stop su from root

    Posted Sun May 19, 2013 04:09 AM

    Originally posted by: biblio93


    It's not so simple with rbac
    I know some company that have established rbac (except Oracle database and management HMC)

     

    In fact for the "su" I think the cleaner is to remove all execute permissions on the / usr / bin / su, then use RBAC to allow some users to execute the command file. Basically you have to create an authorization, a role that you give permission, then replace accessauths = ALLOW_ALL by accessauths = ton_autorisation to the /usr/bin/su. Then you give the users of your choice permission to assume the role that you created (attribute "roles"). You can even give them authomatiquement the role in question (attributes "roles" + "default_roles").

    Look on the side of mkauth orders mkrole, setsecattr, chuser, setkst.

    If you do not trust the root user, it's pretty annoying


    #AIX-Forum


Related Content