HPE Community
Operating System - HP-UX
1823178 Members
3715 Online
109647 Solutions
New Discussion юеВ

Disabling ROOT access

 
SOLVED
Go to solution
Joshua Leckner_1
Advisor

тАО05-03-2002 10:12 AM

тАО05-03-2002 10:12 AM

Disabling ROOT access

I am trying to disable ROOT access via remotely.


Anyone know how??
Hey
0 Kudos
Reply
11 REPLIES 11
pap
Respected Contributor

тАО05-03-2002 10:14 AM

тАО05-03-2002 10:14 AM

Solution

Re: Disabling ROOT access

Hi,
Just put following entry in /etc/securetty

console

You can not login as root in this machine directly by doing this. You can be super user only after doing "su".


Thanks,

-pap
"Winners don't do different things , they do things differently"
Reply
Sandip Ghosh
Honored Contributor

тАО05-03-2002 10:17 AM

тАО05-03-2002 10:17 AM

Re: Disabling ROOT access

In the /etc/securetty file make an entry

root.

It should solve your problem.

Sandip
Good Luck!!!
0 Kudos
Reply
Joshua Leckner_1
Advisor

тАО05-03-2002 10:19 AM

тАО05-03-2002 10:19 AM

Re: Disabling ROOT access

what is the difference between adding "root" or "console" ??


Hey
0 Kudos
Reply
pap
Respected Contributor

тАО05-03-2002 10:22 AM

тАО05-03-2002 10:22 AM

Re: Disabling ROOT access

You have to put console only.

By putting entries of ttys like console tty01 tyy02 etc....
you can enabling access to root in those ttys.....for direct root access.

I never used "root" to mention in /etc/securetty.

-pap
"Winners don't do different things , they do things differently"
Reply
Helen French
Honored Contributor

тАО05-03-2002 10:28 AM

тАО05-03-2002 10:28 AM

Re: Disabling ROOT access

Hi Joshua:

It's console and not root ! The tty's listed in /etc/securetty will give secure login for root.

For confirmation:

# man login

HTH,
Shiju
Life is a promise, fulfill it!
Reply
Joshua Leckner_1
Advisor

тАО05-03-2002 10:35 AM

тАО05-03-2002 10:35 AM

Re: Disabling ROOT access

This still allows users to rlogin into this system with root.


Is there a way to also disable that without disabling root??


the host.equiv only has a "+" within it.


Hey
0 Kudos
Reply
Helen French
Honored Contributor

тАО05-03-2002 10:38 AM

тАО05-03-2002 10:38 AM

Re: Disabling ROOT access

Hi Joshua:

For rlogin you need to check two files - /etc/hosts.equiv and $HOME/.rhosts. If you find any entries there, then remove it or comment it. That may solve the issue.

# man rlogin for more details

HTH,
Shiju
Life is a promise, fulfill it!
Reply
Sandip Ghosh
Honored Contributor

тАО05-03-2002 10:51 AM

тАО05-03-2002 10:51 AM

Re: Disabling ROOT access

If you put "root" in the /etc/securetty file then nobody could enter as root directly, not even from console. everytime he has to go as su -.

Instead if you put "console" then anybody can login as root from the console.

Sandip

Good Luck!!!
Reply
Darrell Allen
Honored Contributor

тАО05-03-2002 10:54 AM

тАО05-03-2002 10:54 AM

Re: Disabling ROOT access

Hi Joshua,

To disable rlogin to root, remove root's .rhosts file.

/etc/securetty is not checked if .rhosts allows the user to rlogin as root without a password. It is checked if a password is needed by rlogin.

BTW, /etc/hosts.equiv does not apply for root.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
MANOJ SRIVASTAVA
Honored Contributor

тАО05-03-2002 11:00 AM

тАО05-03-2002 11:00 AM

Re: Disabling ROOT access

Hi Joshua

Do the following in /etc/profile

loginid=`who am i | awk '{print $1}'`

echo $loginid
if [ $loginid = root ]
then
exit
fi


This will just allow you to login as another user and then do a su.


Manoj Srivastava
Reply
Deshpande Prashant
Honored Contributor

тАО05-03-2002 11:04 AM

тАО05-03-2002 11:04 AM

Re: Disabling ROOT access

Hi
I have following lines in .profile off root to block any direct logins/rlogins to root.

------
## To set direct root login to console only ##
#
user=`logname`;
sulog="/var/adm/sulog"
TTY="`tty | cut -d/ -f3`"
date=`date "+%m/%d %H:%M"`

if [ ${user} = "root" ]
then
if [ ${TTY} != "console" ]
then
echo " : root login allowed only through console..."
echo "ERR ${date} - ${TTY} ${user}-root" >> ${sulog}
exit
fi
fi

---------

Thanks.
Prashant Deshpande.
Take it as it comes.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.