09-26-2002
i'm sure that the thread starter is not using none of the bsd family variant, but i think useful to say that root login can be prevented [in all .BSD variants] editing /etc/ttys and removing "secure" attribute from all consoles where root login is not allowed. of course, /dev/console might be a good [even the only one] console for root login in single mode :-)
9 More Discussions You Might Find Interesting
1. Answers to Frequently Asked Questions
We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies
2. UNIX for Dummies Questions & Answers
How to prevent root users from editing files (logs)? Is there any way? (4 Replies)
Discussion started by: vehchi
4 Replies
3. UNIX for Advanced & Expert Users
We have a shared development box, running Solaris 10 that is an NIS client, all the developers have local root password. If they know the NIS uid of another user, they can just do
% useradd -u <uid> login
And then log in as that user and have full access to his files in his home directory. ... (3 Replies)
Discussion started by: nfw
3 Replies
4. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
5. HP-UX
HI,
We are facing a problem while trying to login using ssh.
The user is able to login using telnet.
We are able to login as another user using ssh and then su to that user which is successfull.
What should i be checking for the user to be able to login directly using ssh.
Thanks in... (2 Replies)
Discussion started by: sag71155
2 Replies
6. Solaris
I would like to know how to prevent users connecting to a server using SSH as root.
I would still like them to be able to login with their username and then change to su.
But I would like to prevent them logging in directly as root.
I have searched the forum and read that I should set... (3 Replies)
Discussion started by: Sepia
3 Replies
7. Red Hat
Is there any method by which fedora 13 can be boot directly from root?? (4 Replies)
Discussion started by: sony star
4 Replies
8. Red Hat
Hi,
I find there is some customized linux with application.
When I use login account root and type the password.
It is not allow to login.
But if I login with specified user and password.
Then I use command "su - " and type root passwd.
It allow you to switch to "root" account .
Or if i... (14 Replies)
Discussion started by: chuikingman
14 Replies
9. UNIX for Advanced & Expert Users
Hi Experts,
Need your support
Redhat 6.5
I want to create a user with all(read, write, execute) privileges except that user should not be able to create any new user from his login
to perform any task. (10 Replies)
Discussion started by: as7951
10 Replies
LEARN ABOUT CENTOS
console.perms
console.perms(5) System Administrator's Manual console.perms(5)
NAME
console.perms - permissions control file for users at the system console
DESCRIPTION
/etc/security/console.perms and .perms files in the /etc/security/console.perms.d directory determine the permissions that will be given to
priviledged users of the console at login time, and the permissions to which to revert when the users log out. They are read by the
pam_console_apply helper executable.
The format is:
<class>=space-separated list of words
login-regexp|<login-class> perm dev-glob|<dev-class>
revert-mode revert-owner[.revert-group]
The revert-mode, revert-owner, and revert-group fields are optional, and default to 0600, root, and root, respectively.
The words in a class definition are evaluated as globs if they refer to files, but as regular expressions if they apply to a console defi-
nition. Do not mix them.
Any line can be broken and continued on the next line by using a character as the last character on the line.
The login-class class and the login-regexp word are evaluated as regular expressions. The dev-class and the dev-glob word are evaluated as
shell-style globs. If a name given corresponds to a directory, and if it is a mount point listed in /etc/fstab, the device node associated
with the filesystem mounted at that point will be substituted in its place.
Classes are denoted by being contained in < angle bracket > characters; a lack of < angle brackets > indicates that the string is to be
taken literally as a login-regexp or a dev-glob, depending on its input position.
SEE ALSO
pam_console(8)
pam_console_apply(8)
console.apps(5)
AUTHOR
Michael K. Johnson <johnsonm@redhat.com>
Red Hat Software 2005/5/2 console.perms(5)