https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417588#M203565 This kind of /etc/profile code may work:<BR /><BR />if [ "$chkname" = "root" ]<BR />then<BR /> echo "..........."<BR />else<BR /># echo "making the terminal file secure from hackers."<BR /> mesg n &gt;/dev/null<BR />fi<BR /><BR />if [ "$LOGNAME" = "root" ]<BR />then<BR /> echo "Native root login. Securing the terminal file."<BR /> mesg n &gt;/dev/null<BR />fi<BR /><BR /># just change the device.<BR /><BR />SEP Mon, 08 Nov 2004 16:36:16 GMT Steven E. Protter 2004-11-08T16:36:16Z https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417587#M203564 All,<BR />Due to security requirements, I would like to change the permissions on /dev/console so it is not world writable when someone is logged in on the console (especially root). I've searched here and found a couple of ideas that didn't work.<BR /><BR />I've checked two different systems where on one this works and on the other it doesn't and there are no differences on the file permissions when either logged in on the console or not logged in (when logged in they're the same on both, when not logged in they're the same on both).<BR /><BR />I've also looked at the idea of changing the group ownership of /dev/console to sys, but on the system where this works, this isn't how it was done either. <BR /><BR />Any suggestions? I've been all through the processes and can't find any way of implementing this. I could program it somehow, but would rather not if someone has a better solution.<BR /><BR />TIA...<BR /><BR />Gonzo<BR /> Mon, 08 Nov 2004 16:26:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417587#M203564 Kevin Bushman 2004-11-08T16:26:23Z https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417588#M203565 This kind of /etc/profile code may work:<BR /><BR />if [ "$chkname" = "root" ]<BR />then<BR /> echo "..........."<BR />else<BR /># echo "making the terminal file secure from hackers."<BR /> mesg n &gt;/dev/null<BR />fi<BR /><BR />if [ "$LOGNAME" = "root" ]<BR />then<BR /> echo "Native root login. Securing the terminal file."<BR /> mesg n &gt;/dev/null<BR />fi<BR /><BR /># just change the device.<BR /><BR />SEP Mon, 08 Nov 2004 16:36:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417588#M203565 Steven E. Protter 2004-11-08T16:36:16Z https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417589#M203566 The permissions are set to 622 as part of the normal console login. Normally write permission is not considered to be a security risk because even if the root user (logged in at the console) saw "Please enter root password for verification" and were dumb enough to respond unless a process had read access to that port no damage would be done. You should also be aware that some daemons which might not be run as root) might write error messages to the console. One option would be to modify root's .profile and if connected to /dev/console determined by "who am i" then set the port permissions but this is really not a risk.<BR /><BR /> Mon, 08 Nov 2004 16:43:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/changing-dev-console-permissions/m-p/3417589#M203566 A. Clay Stephenson 2004-11-08T16:43:03Z