Prashant_15
Occasional Contributor

direct root access

Hi,

I want to know how to restrict direct root access to an HP system. I have a Superdome with 11i installed. Please reply immediately.
Thanks
Regards
Prashant
Patrick Wallek
Honored Contributor
Solution

Re: direct root access

If you want to disallow root logins from anywhere EXCEPT the console you need to create a file called /etc/securetty and place the word 'console' (without the quote marks) in that file. I would also make sure the permissions on the file are 444 (-r--r--r--).

# cat /etc/securetty
console
#
Brian Bergstrand
Honored Contributor

Re: direct root access

echo console > /etc/securetty

Doing the following will restrict direct root login to the console only. su will still work from any terminal though.

HTH.
Prashant_15
Occasional Contributor

Re: direct root access

Cheers,

Many thanks

Brian Markus
Valued Contributor

Re: direct root access

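I've used this trick in the past to restrict who can log in. I place this code in the /etc/profile

if [ -r /etc/nologin ]
then
    # While /etc/nologin exists, only the accounts listed below may log in.
    case $LOGNAME in
        root ) ;;
        bmarkus ) ;;
        oracle ) ;;
        # Everyone else is shown the notice and logged out.
        * ) cat /etc/nologin; exit 1 ;;
    esac
fi

In this case only root, bmarkus, and oracle can log in. If you take root out of that list, it should do it.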

Or you could do something like this

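# Refuse root: show the notice and end the session.
# '=' replaces '==', which is not a POSIX test operator.
if [ "`whoami`" = "root" ]
then
    cat /etc/nologin
    exit 1
fi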


Hope this helps.

-Brian.
When a sys-admin says maybe, they don't mean 'yes'!
Robert Fritz
Regular Advisor

Re: direct root access

Note that securetty only restricts login methods that use a tty like telnet.

For example, SSH would not use securetty; it has its own variable in /etc/opt/ssh/sshd.config.

-Robert
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
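
Added example, not part of the thread: a POSIX sh audit of the two controls discussed above, the console-only securetty file with mode 444 and the SSH daemon's own root-login setting. Both file paths are passed as arguments, PermitRootLogin is the OpenSSH directive name (the thread does not spell it out), and the demo files are constructed.

```shell
#!/bin/sh
# check_securetty FILE: succeed only if FILE permits root on 'console' alone
# and has mode 444, as the accepted answer recommends.
check_securetty() {
    [ -f "$1" ] || { echo "FAIL: $1 missing, root is not tied to the console"; return 1; }
    rc=0
    # Each non-blank line names a tty where root may log in directly.
    extra=$(grep -v '^[[:space:]]*$' "$1" | grep -vx 'console' | tr '\n' ' ')
    [ -z "$extra" ] || { echo "FAIL: $1 also allows root on: $extra"; rc=1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-r--r--r--" ] || { echo "FAIL: $1 mode is $mode, expected -r--r--r--"; rc=1; }
    return "$rc"
}

# check_sshd_root FILE: succeed only if the first active PermitRootLogin line
# says 'no'. The directive name is an assumption (standard OpenSSH, not named
# in the thread); Match blocks are not evaluated here.
check_sshd_root() {
    [ -f "$1" ] || { echo "FAIL: $1 not found"; return 1; }
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    case $val in
        no) return 0 ;;
        "") echo "FAIL: $1 does not set PermitRootLogin, the built-in default applies"; return 1 ;;
        *)  echo "FAIL: $1 has PermitRootLogin $val"; return 1 ;;
    esac
}

# audit_root_login SECURETTY SSHD_CONFIG: return the number of failed checks.
audit_root_login() {
    findings=0
    check_securetty "$1" || findings=$((findings + 1))
    check_sshd_root "$2" || findings=$((findings + 1))
    return "$findings"
}

# Demo on constructed files: securetty is correct, but sshd still allows root.
demo=${TMPDIR:-/tmp}/rootaudit.$$
mkdir -p "$demo"
echo console > "$demo/securetty"; chmod 444 "$demo/securetty"
printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$demo/sshd_config"
audit_root_login "$demo/securetty" "$demo/sshd_config" || echo "failed checks: $?"
rm -rf "$demo"
```

Neither check covers su, which the thread notes still works from any terminal.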