hi,
i am new in hp ux and i must create a user with root privileges and so i disable ssh connection from root login.
thanks..
Do not create users with root privileges, but rather create unprivileged named user accounts for staff that needs those privileges on the system. After logging in with their account they can become root through the use of su . One step further would be to use sudo for this.
Furthermore to scrutinizer's post, you should then create a /etc/securetty fille with 644 perms and containing only authorised consoles usually its just console if this blocks most cases Im not sure about xdmcp though...
HP had their own su soft called su2 but cant remember where to download the source, it had compared to standard su a super-users file where you put thoses allowed to use it but now there is a good sudo and I suppose su2 is obsoleted...
Thanks for your help.
I disable root ssh login and any login will connect with ssh and change to root
as Scrutinizer said.
But unless you have blocked appropriate ports, you are not stopping people (all those that can su because they know root passwd ...) to try to connect using telnet r-commands...
Vbe thanks,
I disabled telnet connection via change /etc/inetd.conf
connection was failed as we want when i tried to connect via telnet
is it enough?
thanks again..
As I already mentionned the safest is to create a /etc/securetty fille with the only devices you allow root connection: If you have a true console or lan console you put in that file a line with just console :
ran1:/home/vbe $ ll /etc/securetty; cat /etc/securetty
-r--r--r-- 1 root sys 8 Oct 3 2001 /etc/securetty
console
If you know what tasks the user needs with root privileges, admin tasks? you can try to grant them using sam : You can grant the user a restricted SAM with the privileges to taks the user is allowed ( but the tool isnt complete, better than nothing though and avoids the use of su, you will have the SAM activitiy the user did with his own ID...)