topic Re: Restricting Root access in Operating System - HP-UX

Restricting Root access

Steve Massey — Wed, 10 May 2000 09:15:59 GMT

Hi

How can I stop root telneting directly into a box, I prefer a su to root.

Steve

Re: Restricting Root access

eRT — Wed, 10 May 2000 11:21:34 GMT

YOu can set up the /etc/securetty file. All that needs to be in this file is the word console. This will only allow root to login at the console. Anyone telnetting in will have to do it as themselves and then su to root. I hope this helps.

Re: Restricting Root access

Eric J. Gonzalez — Fri, 02 Jun 2000 14:34:50 GMT

Once the /etc/securetty is created and have the word console in it, do
chmod 600 /etc/securetty this will prevent
users from removing the word console from the file.

Re: Restricting Root access

Brian M. Fisher — Fri, 02 Jun 2000 14:50:12 GMT

Another good idea is to add root to /etc/ftpusers this file should contain the user names of all administrative accounts to prevent direct ftp access.

Brian
<*(((>< er

Re: Restricting Root access

Rick Garland — Fri, 02 Jun 2000 16:50:16 GMT

May not be exactly what you are looking for, but...

You can prevent root logins by a tty or you can prevent all root logins (or a subset of)
through the use of sudo.

Direct root logins can be allowed only on the console (or where ever you choose) and other locations must su to root. Need to have the root passwd and not be restricted by the sudoers file.