03-28-2014
The root user is no regular user.
And for security issues, its not supposed (on any 'real' *nix system != *ubuntu (did suse remove that option yet?)) to login to GUI.
You might have better luck, to remove the users from admin group (adm) so they wont have permission to login root.
Further a closer inspection of /etc/passwd as already suggested seems a good idea.
You dont need to limit root, leave root's values alone, you need to limit the user!
10 More Discussions You Might Find Interesting
1. IP Networking
Hello Guys,
We are using Sco Unix 5.0
While we was changing root password from scoadmin, It did not change the password and hang in between.
Now, I am unable to login as root user
pls. do suggest me how can i skip root password and how can i goto root to change the password again.
Or if... (4 Replies)
Discussion started by: subho77
4 Replies
2. Answers to Frequently Asked Questions
We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies
3. AIX
How do I make it so user "root" can not log directly into an AIX server? I want a user to be able to SU to it but not log into it to keep a log (2 Replies)
Discussion started by: breigner
2 Replies
4. UNIX for Dummies Questions & Answers
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies
5. Solaris
Hello all,
I've a problem with root login password in Solaris.
After I installed a patch the root password became empty, so to login as root I don't have to type any password, just username: root.
I've tried the passwd command but it still doesn't work...
Does anyone knows how can I solve this?... (1 Reply)
Discussion started by: pmpx
1 Replies
6. Solaris
I want to enable root login just from one terminal machine, can i do that via /etc/default/login in console=/dev/console line ?
and if so what i have to type exactly, another question is it normal to edit the files inside defaults directly ? or i can copy it to /etc/ and edit it there and its... (3 Replies)
Discussion started by: XP_2600
3 Replies
7. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
8. HP-UX
With my SSH, my HP-UX cannot login to root. It will come out a message su: unknown id: root. But I can login by user oracle. I also cannot login to console either by using root or oracle anymore. What shall I do. (5 Replies)
Discussion started by: surizan
5 Replies
9. AIX
I can use sudo su to root from my user id through ssh. Also can change root password. However, I cannnot login by root from ssh.
Does any body know why? (10 Replies)
Discussion started by: rainbow_bean
10 Replies
10. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
LOGIN(1) Linux Administrator's Manual LOGIN(1)
NAME
login - Begin session on the system
SYNOPSIS
login [ -p ] [ -h host ] [ -H ] [ -f username | username ]
DESCRIPTION
login is used when signing onto a system. If no argument is given, login prompts for the username.
The user is then prompted for a password, where approprate. Echoing is disabled to prevent revealing the password. Only a small number of
password failures are permitted before login exits and the communications link is severed.
If password aging has been enabled for the account, the user may be prompted for a new password before proceeding. He will be forced to
provide his old password and the new password before continuing. Please refer to passwd(1) for more information.
The user and group ID will be set according to their values in the file. There is one exception if the user ID is zero: in this case, only
the primary group ID of the account is set. This should prevent that the system adminitrator cannot login in case of network problems. The
value for $HOME, $SHELL, $PATH, $LOGNAME, and $MAIL are set according to the appropriate fields in the password entry. $PATH defaults to
/usr/local/bin:/bin:/usr/bin:. for normal users, and to /sbin:/bin:/usr/sbin:/usr/bin for root if not other configured. The environment
variable $TERM will be preserved, if it exists (other environment variables are preserved if the -p option is given) or be initialize to
the terminal type on your tty line, as specified in /etc/ttytype.
Then the user's shell is started. If no shell is specified for the user in /etc/passwd, then /bin/sh is used. If there is no directory
specified in /etc/passwd, then / is used (the home directory is checked for the .hushlogin file described above).
login reads the /etc/login.defs(5) configuration file. Please refer to this documenation for options which could be set.
OPTIONS
-p Used by getty(8) to tell login not to destroy the environment
-f Used to skip a second login authentication. This option is deprecated and should not be used. It does specifically not work for
root. Using this option also means, that not all PAM functions are called.
-h Used by other servers (i.e., telnetd(8)) to pass the name of the remote host to login so that it may be placed in utmp and wtmp.
Only the superuser may use this option.
-H Used by other servers (i.e., telnetd(8)) to tell login that printing the hostname should be suppressed in the login: prompt.
FILES
/var/run/utmp - list of current login sessins
/var/log/wtmp - list of previous login sessions
/etc/passwd - user account information
/etc/shadow - encrypted passwords and age information
/etc/motd - system message file
/etc/login.defs - configuration file
SEE ALSO
init(8), getty(8), mail(1), passwd(1), passwd(5), environ(7), shutdown(8), login.defs(5)
BUGS
A recursive login, as used to be possible in the good old days, no longer works; for most purposes su(1) is a satisfactory substitute.
Indeed, for security reasons, login does a vhangup() system call to remove any possible listening processes on the tty. This is to avoid
password sniffing. If one uses the command "login", then the surrounding shell gets killed by vhangup() because it's no longer the true
owner of the tty. This can be avoided by using "exec login" in a top-level shell or xterm.
AUTHOR
Derived from BSD login 5.40 (5/9/89) by Michael Glad (glad@daimi.dk) for HP-UX
Ported to Linux 0.12: Peter Orbaek (poe@daimi.aau.dk)
Added new features: Thorsten Kukuk (kukuk@suse.de)
PAM Login 3.32 2. May 2007 LOGIN(1)