The root account is the most privileged account on a Unix system. The root account has no security restrictions imposed upon it (Hmm…there are some exceptions though). When you are logged in as super user, you don’t have to face any questions. Therefore it is easy, with a mistyped command, to wipe out crucial system files or even the whole system all of a sudden. I have had situations where I forgot my root password and is unable to do any administrative level tasks. Due to increase in different type of cloud services, users are forced to manage large number of passwords and it is very common to forget some of them which may include the system’s own root password. What can we do in those situations? Either we recover or just reset the previous root password with a new one. The former is Read More »
Tag: root
Secure the tty devices by disabling root account login
GNU/Linux system provides means for using the terminal devices namely tty1,tty2,…As a part of gnu/linux general security we can enable/disable root login on these devices. Each of the tty devices can be accessed by pressing Ctrl+Alt+F1 or Ctrl+Alt+F2… The /etc/securetty file allows you to specify which tty devices the root user is allowed to login on. The /etc/securetty file is read by the login program. Its format is a list of the tty devices names allowed, and on all others tty that are commented out or doesn’t appear in this file, root login is disallowed.To allow root access in a particular tty we just need to uncomment that line.
Edit the securetty file (sudo nano /etc/securetty) and comment out the following lines
tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8
which means root is only allowed to login on tty1.
Add users to sudo to “root” account
“george is not in the sudoers file. This incident will be reported.”
Some of you may have encountered an error similar to one listed above. Most of us then switches to root account and perform the requires operations. But it is possible for users to take up the root privileges through the sudo command by editing the sudo configuration file. If you want to make, for example, the user ‘george’ be able to sudo to “root”, use the following command:
su (and enter the root password)
nano /etc/sudoers
Move to the section where the following is written
# User privilege specification
root ALL=(ALL:ALL) ALL
Edit the file to look like
# User privilege specification
root ALL=(ALL:ALL) ALL
george ALL=(ALL:ALL) ALL
Save the file. Now ‘george’ can use the sudo command without any error.
Openforums 