root restrictions
Brian Zimbelman
brian at is.UUCP
Fri Jun 14 13:36:06 AEST 1991
In article (David J. Kleikamp) writes:
> In article (Andrew T. Como) writes:
> >
> >I need a mechanism to restrict root logins to the console.
> >
> >If I change the user characteristics "valid TTYs" to the console
> >you can only "su" to "root" from the console. (this is not practical)
> >
> > Andrew Como
I have used "valid TTYs" a number of times with no difficulties. Actually,
I did have one problem, AIX requires a full pathname for this field.
valid TTYs = tty0 FAILS
valid TTYs = /dev/tty0 WORKS
I do not remember if I tried '/dev/console' or not, but '/dev/tty?'
works fine. This will restrict LOGINS of the user to this device, however
it will not restrict others from switching user to this user while
logged in on other devices.
> Okay, I'll ask.
>
> What good is it to restrict root logins to the console if you do allow other
> users to su to root from other TTY's?
>
> Anyway, one way of doing this would be to write your own authentication
> method. I've never done this myself, but you define the authentication
> methods in the /etc/security/login.cfg file.
> --
> ---------------------------------------------------------------------------
> David J. "Shaggy" Kleikamp dave at kleikamp.austin.ibm.com
> The content of this posting is independent of official IBM position.
> External: uunet!cs.utexas.edu!ibmaus!auschs!kleikamp.austin.ibm.com!dave
Good Luck,
Brian Zimbelman
President
Innovative Solutions
Disclaimer: Works for me!!!
-----------------------------------------------------------------------------
Innovative Solutions (505) 883-4252
3547 Colorado NE is!brian at bbx.basis.com
Albuquerque, NM 87110 bbx.basis.com!is!brian
More information about the Comp.unix.aix
mailing list