Allowing root to login directly on Solaris 11
As we are aware starting with Solaris 11 and by default the root
user can no longer login directly onto a system. The root
user now acts as a role account.
I have had requests on numerous sites to make changes to allow root
user have direct login -- albeit against my better judgement. -- I have decided to share with you the steps required.
Caution: This procedure is not recommended in a production environment and I recommend that you review your companies system security policy for root login for guidance.
If you try to login directly as root, you will get the following:
schlumpf console login: root Password: Roles can not login directly
To make the changes to allow root
to login directly, we need to make root
a user instead of a role.
- Login as with an administrator account and
su
to root:mchurchi@schlumpf$ su - root Password: Jun 01 2013 16:26:29 schlumpf su: 'su root' succeeded for mchurchi on /dev/console Oracle Corporation SunOS 5.11 11.0 September 2012 root@schlumpf#
- We can confirm the role account, by running:
root@schlumpf# grep "^root" /etc/user_attr root::::type=role
- Change the role type to a normal account using the
rolemod
command:root@schlumpf# rolemod -K type=normal root
- Confirm the change has been successful:
root@schlumpf# grep "^root" /etc/user_attr root::::type=normal
- Now login as
root
user on the console:schlumpf console login: root Password: Oracle Corporation SunOS 5.11 11.0 September 2012 root@schlumpf#
And there you go -- Your system is now less secure and auditable
Caution: This procedure is not recommended in a production environment and I recommend that you review your companies system security policy for root login for guidance.