https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832181#M89159 Sorry, the permissions should be '400' we don't want write permissions, and only 'root' should be able to read it. Wed, 23 Oct 2002 23:03:33 GMT Michael Tully 2002-10-23T23:03:33Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832179#M89157 i want to block root access from a telnet session. the admin must be at the console to login directly as root. however i want to telnet with a valid username, then execute su to root when needed.<BR /><BR />is there a console=/dev/console parameter i could set for this?<BR /><BR />thanks Wed, 23 Oct 2002 22:51:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832179#M89157 Bob_16 2002-10-23T22:51:54Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832180#M89158 Hi Bobby,<BR /><BR />Create a file in /etc called<BR /><BR />securetty<BR /><BR />And in that file place the word<BR /><BR />console<BR /><BR />And only that word. <BR />Then set perms on /etc/securetty to <BR /><BR />-r--r--r-- root:sys<BR /><BR />This will allow root logins ONLY from the console<BR /><BR />Rgds,<BR />Jeff Wed, 23 Oct 2002 22:58:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832180#M89158 Jeff Schussele 2002-10-23T22:58:58Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832181#M89159 Sorry, the permissions should be '400' we don't want write permissions, and only 'root' should be able to read it. Wed, 23 Oct 2002 23:03:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832181#M89159 Michael Tully 2002-10-23T23:03:33Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832182#M89160 Hi,<BR /><BR />What your looking for is to have root only login directly from the console.<BR /><BR /># echo "console" &gt;&gt;/etc/securetty; chmod 700 /etc/securetty ; chown root:sys /etc/securetty<BR /><BR />You might wish to invest some time into installing 'sudo' as well. You can get it from here: <A href="http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/" target="_blank">http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/</A><BR /><BR />HTH<BR />Michael Wed, 23 Oct 2002 23:05:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832182#M89160 Michael Tully 2002-10-23T23:05:11Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832183#M89161 thanks! for the quick response, that's amazing.<BR /><BR />i've set this up on a test box, and it does what i want. too bad hp-ux doesn't convey a message like solaris stating you are not at a console, but i can live with that.<BR /><BR />thanks again. Wed, 23 Oct 2002 23:22:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832183#M89161 Bob_16 2002-10-23T23:22:55Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832184#M89162 That's amazing Michael!<BR />You corrected yourself before you even answered =~)<BR /><BR />Hee..hee..hee,<BR />Jeff Wed, 23 Oct 2002 23:39:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-access-from-a-telnet-session/m-p/2832184#M89162 Jeff Schussele 2002-10-23T23:39:13Z