Apparently OS is ignoring access.conf file

Solution Verified - Updated -

Environment

Red Hat Enterprise Linux 7

Issue

  • After making the change below in the access.conf file, it is still possible to log in as root on RHEL 7. The same change works fine on RHEL 6.
tail -1 /etc/security/access.conf
-:root: ALL EXCEPT LOCAL

Resolution

  • On RHEL 7
[root@localhost ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Workstation release 7.1 (Maipo)
[root@localhost ~]# 
  • Make the following change in /etc/security/access.conf:
[root@localhost ~]# tail -1 /etc/security/access.conf 
-:root: ALL EXCEPT LOCAL
  • Verify that the following line is present in both the /etc/pam.d/sshd and /etc/pam.d/login files. If it is not, append it.
account     required     pam_access.so 


[root@localhost ~]# grep pam_access.so /etc/pam.d/login 
account     required     pam_access.so
[root@localhost ~]# grep pam_access.so /etc/pam.d/sshd  
account     required     pam_access.so
[root@localhost ~]# 
  • Run the following command to apply the changes, then try logging in as root.
[root@localhost ~]# authconfig --enablepamaccess --update

Root Cause

  • If the following line is not present in the /etc/pam.d/sshd and /etc/pam.d/login files, pam_access is not called for those services, so the rules in access.conf are never evaluated.
account     required     pam_access.so 
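
A plain grep also matches a commented-out pam_access.so line and cannot see an entry that a service pulls in from another file, so the check below parses the account stack instead. This is an added example, not part of the original solution: the function name pam_access_active and the sample files are constructed for illustration, and following include/substack lines goes beyond the direct grep shown above.

```shell
#!/bin/bash
# pam_access_active PAM_DIR SERVICE [DEPTH]   (hypothetical helper name)
# Returns 0 if SERVICE has an active "account ... pam_access.so" line,
# either directly or through "account include|substack <file>".
pam_access_active() {
    local dir=$1 svc=$2 depth=${3:-0} inc
    # Unreadable file or include chain deeper than 5 levels: treat as not enforced.
    [ -r "$dir/$svc" ] && [ "$depth" -lt 5 ] || return 1
    # Strip comments, accept the optional "-" type prefix, then look for the module.
    if awk '{ sub(/#.*/, ""); t = $1; sub(/^-/, "", t) }
            t == "account" && $0 ~ /pam_access\.so/ { ok = 1 }
            END { exit !ok }' "$dir/$svc"; then
        return 0
    fi
    # Not found directly: follow files referenced from the account stack.
    for inc in $(awk '{ sub(/#.*/, ""); t = $1; sub(/^-/, "", t) }
                      t == "account" && ($2 == "include" || $2 == "substack") { print $3 }' \
                      "$dir/$svc"); do
        pam_access_active "$dir" "$inc" $((depth + 1)) && return 0
    done
    return 1
}

# Constructed sample PAM files (not copied from a real host).
demo=$(mktemp -d)
printf '%s\n' '#account required pam_access.so' \
              'account include password-auth' > "$demo/sshd"
printf '%s\n' 'account required pam_unix.so'     > "$demo/password-auth"
printf '%s\n' 'account    required     pam_access.so' > "$demo/login"

for svc in sshd login; do
    if pam_access_active "$demo" "$svc"; then
        echo "$svc: pam_access enforced"
    else
        echo "$svc: pam_access NOT enforced (access.conf is ignored)"
    fi
done
rm -rf "$demo"
```

To audit a real host, call it as `pam_access_active /etc/pam.d sshd` and `pam_access_active /etc/pam.d login`.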

