topic Re: Disabling ROOT access in Operating System - HP-UX

Disabling ROOT access

Joshua Leckner_1 — Fri, 03 May 2002 17:12:54 GMT

I am trying to disable ROOT access via remotely.

Anyone know how??

Re: Disabling ROOT access

pap — Fri, 03 May 2002 17:14:26 GMT

Hi,
Just put following entry in /etc/securetty

console

You can not login as root in this machine directly by doing this. You can be super user only after doing "su".

Thanks,

-pap

Re: Disabling ROOT access

Sandip Ghosh — Fri, 03 May 2002 17:17:56 GMT

In the /etc/securetty file make an entry

root.

It should solve your problem.

Sandip

Re: Disabling ROOT access

Joshua Leckner_1 — Fri, 03 May 2002 17:19:36 GMT

what is the difference between adding "root" or "console" ??

Re: Disabling ROOT access

pap — Fri, 03 May 2002 17:22:20 GMT

You have to put console only.

By putting entries of ttys like console tty01 tyy02 etc....
you can enabling access to root in those ttys.....for direct root access.

I never used "root" to mention in /etc/securetty.

-pap

Re: Disabling ROOT access

Helen French — Fri, 03 May 2002 17:28:00 GMT

Hi Joshua:

It's console and not root ! The tty's listed in /etc/securetty will give secure login for root.

For confirmation:

# man login

HTH,
Shiju

Re: Disabling ROOT access

Joshua Leckner_1 — Fri, 03 May 2002 17:35:57 GMT

This still allows users to rlogin into this system with root.

Is there a way to also disable that without disabling root??

the host.equiv only has a "+" within it.

Re: Disabling ROOT access

Helen French — Fri, 03 May 2002 17:38:43 GMT

Hi Joshua:

For rlogin you need to check two files - /etc/hosts.equiv and $HOME/.rhosts. If you find any entries there, then remove it or comment it. That may solve the issue.

# man rlogin for more details

HTH,
Shiju

Re: Disabling ROOT access

Sandip Ghosh — Fri, 03 May 2002 17:51:35 GMT

If you put "root" in the /etc/securetty file then nobody could enter as root directly, not even from console. everytime he has to go as su -.

Instead if you put "console" then anybody can login as root from the console.

Sandip

Re: Disabling ROOT access

Darrell Allen — Fri, 03 May 2002 17:54:30 GMT

Hi Joshua,

To disable rlogin to root, remove root's .rhosts file.

/etc/securetty is not checked if .rhosts allows the user to rlogin as root without a password. It is checked if a password is needed by rlogin.

BTW, /etc/hosts.equiv does not apply for root.

Darrell

Re: Disabling ROOT access

MANOJ SRIVASTAVA — Fri, 03 May 2002 18:00:10 GMT

Hi Joshua

Do the following in /etc/profile

loginid=`who am i | awk '{print $1}'`

echo $loginid
if [ $loginid = root ]
then
exit
fi

This will just allow you to login as another user and then do a su.

Manoj Srivastava

Re: Disabling ROOT access

Deshpande Prashant — Fri, 03 May 2002 18:04:14 GMT

Hi
I have following lines in .profile off root to block any direct logins/rlogins to root.

------
## To set direct root login to console only ##
#
user=`logname`;
sulog="/var/adm/sulog"
TTY="`tty | cut -d/ -f3`"
date=`date "+%m/%d %H:%M"`

if [ ${user} = "root" ]
then
if [ ${TTY} != "console" ]
then
echo " : root login allowed only through console..."
echo "ERR ${date} - ${TTY} ${user}-root" >> ${sulog}
exit
fi
fi

---------

Thanks.
Prashant Deshpande.