
users who can be root 1

Status
Not open for further replies.
Anyone can type in "su - root"

If you are trying to limit who can do this successfully, create a group of allowed users (e.g., "rootusers") and then set the "sugroups" attribute for the root account.

chuser sugroups=rootusers root

This limits access to those people who know the root password and are a member of that group.

You should also set rlogin=false for root, and other considerations in your referenced topic.

Regarding "what users have been to 'su - root' recently", you can check that in /var/adm/sulog:

grep root /var/adm/sulog

gg
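
The sulog check described in the post above, as an added example that is not part of the original post: a small shell function that counts successful and failed su attempts to root per user and marks users outside the allowed group. The record layout shown in the comments, the function names, the sample lines and the user names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise su-to-root attempts from an sulog-format file.
# Assumed record layout (one per line):
#   SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# where "+" marks a successful su and "-" a failed one.

# su_root_report FILE ALLOWED
#   FILE    : sulog path (e.g. /var/adm/sulog), or "-" for standard input
#   ALLOWED : comma-separated members of the group named in sugroups
# Prints, sorted by user:  user ok=N fail=N [NOT-IN-GROUP]
su_root_report() {
    awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) in_group[a[i]] = 1
        }
        # Keep only complete SU records whose target account is root.
        $1 == "SU" && NF >= 6 && $6 ~ /-root$/ {
            # Strip the trailing "-root"; source names may contain "-".
            from = substr($6, 1, length($6) - 5)
            seen[from] = 1
            if ($4 == "+") ok[from]++
            else if ($4 == "-") fail[from]++
        }
        END {
            for (u in seen) {
                flag = (u in in_group) ? "" : " NOT-IN-GROUP"
                printf "%s ok=%d fail=%d%s\n", u, ok[u], fail[u], flag
            }
        }
    ' "$1" | sort
}

# Constructed sample records (not taken from a real system).
sample_sulog() {
    cat <<'EOF'
SU 03/04 09:12 + pts/2 alice-root
SU 03/04 09:40 - pts/5 bob-root
SU 03/04 09:41 - pts/5 bob-root
SU 03/05 11:02 + pts/1 alice-oracle
SU 03/05 13:30 + pts/3 carol-root
SU 03/05 14:00 - pts/4 db-admin-root
EOF
}

# Run the report on the sample, treating alice and carol as group members.
sample_sulog | su_root_report - "alice,carol"
```

A successful entry from a user marked NOT-IN-GROUP is the case to look at first, since with sugroups set that su should have been refused.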
 
An interesting discussion, thanks. I'm from a mainly Solaris background so all of this is somewhat new to me.
 
I use the method ggauthier describes for all "higher authority" users. For example, "DBA" accounts.

You can also make the chuser change through smit user (change characteristics).
 