cancel
Showing results for 
Search instead for 
Did you mean: 

Disable root login

Disable root login

I need to disable the direct root logon on our servers. I require the software engineers to logon as their own username and "su" to
root when necessary. Root logon should only be allowed from the console.

How is this done? I am new to this.

I am concerned about our Tru64 cluster servers. If I disable the root logon, will this have and impact on the cluster ?
4 REPLIES
Vladimir Fabecic
Honored Contributor

Re: Disable root login

Hello
There is a file /etc/securettys. If you want to allow root login from console only, it should be like this:
#
/dev/console
local:0
:0
#
No other lines should exist (there must not be "ptys" in /etc/securettys)
Every "su" or "su -" is ussualy logged.
In vino veritas, in VMS cluster
Vladimir Fabecic
Honored Contributor

Re: Disable root login

About cluster? It depends on how is cluster organized. Just chech securettys on every member.
In vino veritas, in VMS cluster
Stiwi Wondrusch
Trusted Contributor

Re: Disable root login

Hi Francois

The file /etc/securettys lists the devices where root can log in (man securettys).

If it looks like this root can only login on the console:

# cat /etc/securettys
...
#
/dev/console
local:0
:0

rgds Stiwi

Re: Disable root login

Thanx guys I will try this..it seems the most simple way to do it...thanx again.