09-25-2000
/etc/securetty
On many flavors of Unix it is:
/etc/securetty
10 More Discussions You Might Find Interesting
1. Answers to Frequently Asked Questions
We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies
2. AIX
Hi, yesterday, I changed root's shell in /etc/passwd, cause a mistake then I can not log in root account (can't find correct shell). I attempted to log in single-mode, however, it prompted for single-mode's password then I type root's password but still can not log in.
I'm using AIX 5L version 5.2... (2 Replies)
Discussion started by: neikel
2 Replies
3. Solaris
I couldnt find this in any other post - so hoping someone can help out.
I want to set password expiry (or rather I have to) for a number of users on my solaris 9 system. I know i can set the following options in the /etc/default/passwd file to do it and then just type a passwd -f <username> to... (6 Replies)
Discussion started by: frustrated1
6 Replies
4. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
5. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
6. UNIX for Dummies Questions & Answers
I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.
But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own... (2 Replies)
Discussion started by: pinga123
2 Replies
7. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
8. Linux
Hello!
Do anyone have idea how to block switching to root if user have full sudo?
One way is in sudoers file block use of "su", but still it`s possible with sudo -i or sudo -s , sudo bash etc.
Other way is create alias on sudoers and permit only specific commands for user.
Any ideas? (6 Replies)
Discussion started by: jabalv
6 Replies
9. AIX
Hi,
i am able to login to AX server thru console but not able to login directly thru server.
also the server is not ping-able with other server.
filesystem is fine. and OS version is AIX 5.3.
please let me know if you need any specific log.
thx in advance.
Scriptor (2 Replies)
Discussion started by: scriptor
2 Replies
10. UNIX for Beginners Questions & Answers
I got an issue in a RH6.3 VM host , the issue is ttyS0 is always respawning and piling up /var/log/messages with errors.The customer is OK to have tty0 as the serial terminal but ttyS0 needs to be disabled.
Below is the mention of lines that contain 'serial' string from the xml file . How can I... (1 Reply)
Discussion started by: Paras Pandey
1 Replies
LEARN ABOUT X11R4
pam_securetty
PAM_SECURETTY(8) Linux-PAM Manual PAM_SECURETTY(8)
NAME
pam_securetty - Limit root login to special devices
SYNOPSIS
pam_securetty.so [debug]
DESCRIPTION
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
/etc/securetty. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable. It will also allow root
logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/console/active.
This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.
For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.
OPTIONS
debug
Print debug information.
noconsole
Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it
is not also specified in the /etc/securetty file.
MODULE TYPES PROVIDED
Only the auth module type is provided.
RETURN VALUES
PAM_SUCCESS
The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable
device.
PAM_AUTH_ERR
Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the /etc/securetty file is world
writable or not a normal file.
PAM_INCOMPLETE
An application error occurred. pam_securetty was not able to get information it required from the application that called it.
PAM_SERVICE_ERR
An error occurred while the module was determining the user's name or tty, or the module could not open /etc/securetty.
PAM_USER_UNKNOWN
The module could not find the user name in the /etc/passwd file to verify whether the user had a UID of 0. Therefore, the results of
running this module are ignored.
EXAMPLES
auth required pam_securetty.so
auth required pam_unix.so
SEE ALSO
securetty(5), pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
Linux-PAM Manual 09/19/2013 PAM_SECURETTY(8)