su to root not allowed 1

[chayase]

How can a DEC Alpha machine running Digital UNIX be configured so an administrator can "su" to root from a remote telnet or rsh session? Or even login as root while telnetting from a remote machine? At work, we deal mostly with AIX, Solaris and HP-UX so Digital UNIX is different for us. Any info will be greatly appreciated!

Colleen

 

[Kamila]

Hi,
edit /etc/securettys - add line:

ptys


and it should work.

Bye

 

[root1]

Edit /etc/group file by adding your_name to system line

#cat /etc/group
system:*:0:root,your_name <-no space after coma
daemon:*:1:daemon
uucp:*:2:uucp
mem:*:3:
kmem:*:3:root
bin:*:4:bin,adm
sec:*:5:
mail:*:6:mail
...

 

[MKMA]

Actually there is 2 options for that kind of thing:
Here are they

(1) If you connect remotly using telnet, then adding ptys in the file /etc/securettys is enough.

(2) If you connect using Xwindown, or a program like Reflections X, then you have to add your machine's IP address to the /etc/securettys to be able to login as root.
Add a line like this to the file

123.456.789.111:0
your remote machine's IP address followed by :0 (colon-zero)

And then your life will be better

Eshta!! s-)

MKMA

 

[trunix]

Allowing login as root from a remote server is bad practice and very insecure. Always login as yourself and su to root on the remote server. Doing it this way, the su will be logged in the sulog file and you will have a record of who is su'ing to root.

 

[MoisDude]

I agree on the &quot;insecure issue&quot;. But sometimes it's the usual practice.

Also remember that the user must be in the &quot;system&quot; group and if you would like to ftp in like root, you have to comment that user name in the /etc/ftpusers file..

Luck!
L8ter!

 

[Ranjon]

Adding ptys in /etc/securettys is not safe at all. This enables anyone to login as root in the Server.

Any user with primary group of system can use su. Change your user's primary group to system. This will solve your problem.

Thanks

 

[MoisDude]

Actually...

If you don't know how to hack that root password... You still need it to do SU or loggin as root... No matter where you log on from!

Luck.. L8ter!

 

[vishalsbti]

Hi ,
after making changes to /etc/securettys and adding &quot;system&quot; group as my primary group , I m still not able to &quot;su&quot; from remote systems.
The error i get is &quot;you do not have permission to su root&quot;

any ideas ? what wrong now and where i nedd to make changes.

thanx!

 

[dblair]

Can you su - root locally on the server ?

 

[vishalsbti]

I can't su - root even from the console (server).
gets the same error &quot;no permission&quot;

 

[dblair]

All you have to do (as mentioned above) is add your user to the system (0) group -
system:*:0:root,youruser

What version on Tru64 ?
Do you have the enhanced security options installed an enabled ?

 

[vishalsbti]

Hi blair,
we do not have any added security enabled.
I m able to telnet to system as normal user but from there I m not anle to &quot;su&quot;. the system denies the permission.
I have added the user to system group and modified as per requirement the /etc/securettys file .
any more ideas ?

regards
vishal