https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616935#M733522 how to restrict the root user to login to the console directly. I need to set the limitation like if the user needs to login as root, they must be use the su - root command to switvh as root.<BR /><BR />How can we set that one Tue, 13 Apr 2010 19:29:29 GMT gany59 2010-04-13T19:29:29Z https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616935#M733522 how to restrict the root user to login to the console directly. I need to set the limitation like if the user needs to login as root, they must be use the su - root command to switvh as root.<BR /><BR />How can we set that one Tue, 13 Apr 2010 19:29:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616935#M733522 gany59 2010-04-13T19:29:29Z https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616936#M733523 Shalom,<BR /><BR />Read:<BR /><A href="http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1367457" target="_blank">http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1367457</A><BR /><BR />SEP Tue, 13 Apr 2010 19:33:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616936#M733523 Steven E. Protter 2010-04-13T19:33:45Z https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616937#M733524 u have to see securetty file<BR /><BR /><A href="http://www.faqs.org/docs/securing/chap5sec41.html" target="_blank">http://www.faqs.org/docs/securing/chap5sec41.html</A><BR /><BR />BR,<BR />Kapil+ Wed, 14 Apr 2010 03:18:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616937#M733524 Kapil Jha 2010-04-14T03:18:40Z https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616938#M733525 Hi,<BR /><BR />The /etc/securetty file allows you to specify which TTY devices the root user is allowed to login on. The /etc/securetty file is read by the login program usually /bin/login. Its format is a list of the tty devices names allowed, and for all others that are commented out or do not appear in this file, root login is disallowed. Disable any tty that you do not need by commenting them out # at the beginning of the line. Edit the securetty file vi, /etc/securetty and comment out the following lines: <BR />tty1<BR />#tty2<BR />#tty3<BR />#tty4<BR />#tty5<BR />#tty6<BR />#tty7<BR />#tty8<BR />Which means only root is allowed to login on tty1. This is my recommendation, allowing root to log in only on one tty device and use the su command to switch to root if you need more. devices to log in as root. <BR /><BR />For ssh we need to do like this<BR /><BR />echo "PermitRootLogin no "&gt;&gt; /opt/ssh/etc/sshd_config<BR /><BR />restart sshd demon<BR /><BR />/sbin/init.d/secsh stop<BR />/sbin/init.d/secsh start<BR /><BR />Suraj<BR /> Wed, 14 Apr 2010 04:41:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616938#M733525 Suraj K Sankari 2010-04-14T04:41:37Z https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616939#M733526 In addition to Suraj's post, you should disable telnet (as a general rule) and permit only SSH.<BR /><BR />Best regards,<BR />Horia.<BR /><BR /> Wed, 14 Apr 2010 05:13:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/restrict-console-login/m-p/4616939#M733526 Horia Chirculescu 2010-04-14T05:13:31Z