Single user security on DEC workstations.

Yedidya Israel yedidya at bimacs.BITNET
Thu Aug 24 22:50:59 AEST 1989



We have a few DEC workstations running Ultrix3.0 with DECwindows.

In order to prevent users from having root privileges (via b/2 on
console) we put an "exec /bin/login" in /.profile.

The problem is that when I DO want to login as root in single user
mode, I cannot (I get a "login incorrect"). It seems to me that the
console is not defined as "secure" in /etc/ttys. Indeed the console is
not defined at all - it is commented out; instead a :0 (X11 display)
is defined (with a secure clause), but in single user you do not have
DECwindows running.

My solution was to login as an ordinary user and su to root.

Did I spot the correct problem? Is there another (nicer) solution?
What happens when uncommenting ttyv0 and xcons?

I am appending a shortened version of my /etc/ttys for reference.

#                "@(#)ttys      4.1     (ULTRIX)        11/23/87"
#
#
#
# name  getty           type            status          comments
#
#console        "/etc/getty e"   dw3            on secure # console terminal
tty00   "/etc/getty std.19200" vt100    off nomodem     # direct connect tty
[...]
tty14   "/etc/getty std.19200" vt100    off nomodem     # direct connect tty
tty15   "/etc/getty std.19200" vt100    off nomodem     # direct connect tty
ttyp0   none            network
[...]
ttyqe   none            network
ttyqf   none            network
#ttyv0 "/usr/bin/xterm -L -sb -rv -geometry =80x24+195+275 -d unix:0" \
        xterm on secure window="/usr/bin/Xqdsg -fd 75 :0"
:0 "/usr/bin/login -P /usr/bin/Xprompter -C /usr/bin/dxsession" \
        none on secure window="/usr/bin/Xqdsg -fd 75 -bp #000080 c 70"
#xcons "/usr/bin/xcons 10 ttyv0" none on nomodem
--
| Israel Yedidya, Math & CS Department, Bar-Ilan U, Ramat-Gan, ISRAEL. |
+----------------------------------------------------------------------+
| Bitnet:   yedidya at bimacs                                             |
| Internet: yedidya at bimacs.biu.ac.il                                   |
| Arpa:     yedidya%bimacs.bitnet at cunyvm.cuny.edu                      |
| Uucp:     ...!uunet!mcvax!humus!bimacs!yedidya                       |
| Csnet:    yedidya%bimacs.bitnet%cunyvm.cuny.edu at csnet-relay          |
\----------------------------------------------------------------------/
 \--- If someone proves there is no God, I'll stop being religious ---/
  --------------------------------------------------------------------
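
An added example, not part of the original post: a small audit script that parses an /etc/ttys in the layout shown above and lists the lines on which root login would be accepted. It assumes 4.3BSD ttys(5) semantics (root may log in only on an active line whose status has both "on" and "secure") and that a trailing backslash continues an entry, as in the listing; the sample data is constructed from the poster's excerpt and the function names are hypothetical.

```python
import shlex

# Constructed sample modelled on the listing in the post (not a full file).
SAMPLE_TTYS = r'''
#console        "/etc/getty e"   dw3            on secure # console terminal
tty00   "/etc/getty std.19200" vt100    off nomodem     # direct connect tty
ttyp0   none            network
#ttyv0 "/usr/bin/xterm -L -sb -rv -geometry =80x24+195+275 -d unix:0" \
        xterm on secure window="/usr/bin/Xqdsg -fd 75 :0"
:0 "/usr/bin/login -P /usr/bin/Xprompter -C /usr/bin/dxsession" \
        none on secure window="/usr/bin/Xqdsg -fd 75 -bp #000080 c 70"
'''

def logical_lines(text):
    """Join physical lines that end in a backslash, as the listing does."""
    buf = ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
        else:
            yield buf + line
            buf = ""
    if buf:
        yield buf

def parse_ttys(text):
    """Return {name: {"active": bool, "flags": set}} for every entry."""
    entries = {}
    for line in logical_lines(text):
        line = line.strip()
        active = not line.startswith("#")
        if not active:
            # "#name ..." is a disabled entry; "# text" or bare "#" is a comment.
            if len(line) < 2 or line[1].isspace():
                continue
            line = line[1:]
        # comments=True drops a trailing "# ..." but keeps "#000080" in quotes.
        fields = shlex.split(line, comments=True)
        if len(fields) >= 3:
            entries[fields[0]] = {"active": active, "flags": set(fields[3:])}
    return entries

def root_login_lines(entries):
    """Names of active lines whose status has both 'on' and 'secure'."""
    return sorted(n for n, e in entries.items()
                  if e["active"] and {"on", "secure"} <= e["flags"])

if __name__ == "__main__":
    print("root may log in on:", root_login_lines(parse_ttys(SAMPLE_TTYS)))
```

On the sample, the only line that qualifies is `:0`, which exists only while the X server is running; the `console` entry carries the right flags but is commented out.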