Thursday, 24 July 2014

In this post we are going to see how to allow root direct login on console in Solaris 11. As we all know, Solaris 11 having a restriction that root can't be direct login as its act as a Role account. We have to change the type as normal, in order to make the root direct login. Let we can check some prerequisites and do the changes.

Getting below error while accessing the server directly with root user.
unixrock console login: root
Password:
Roles can not login directly
Checking Role account type in /etc/user_attr
root@unixrock:~# grep -i root /etc/user_attr
root::::type=role
unixrock::::lock_after_retries=no;profiles=System Administrator;roles=root
root@unixrock:~#
Changing the Role type as normal account
root@unixrock:~# rolemod -K type=normal root
root@unixrock:~#
root@unixrock:~# grep -i root /etc/user_attr
root::::type=normal
unixrock::::lock_after_retries=no;profiles=System Administrator;roles=root
root@unixrock:~#
Checking CONSOLE value on /etc/default/login, the value should be shown as like below.
root@unixrock:~# grep -i console /etc/default/login
# If CONSOLE is set, root can only login on that device.
# If the specified device is /dev/console, then root can also log into
CONSOLE=/dev/console
root@unixrock:~#
Still If you want to make root direct login through ssh, then we need to check "PermitRootLogin" value on /etc/ssh/sshd_config. If you change the value as like below, need to restart the ssh services from console.
root@unixrock:~# grep -i PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
root@unixrock:~#
root@unixrock:~# svcadm restart svc:/network/ssh:default
root@unixrock:~#
CAUTION : This is not recommended to do this setting on production environment servers.

Thanks for reading this post. Please leave your valuable comments and queries, I will get back to you at earliest.