
How to restrict a user from logging remotely as a root user

seizen
New Member

How to restrict a user from logging remotely as a root user

On HP-UX v11, how can I restrict a user from logging in remotely (rlogin or telnet) as a root user?
(A user can use "su" to be a root user after logging in as a regular user remotely.)
(In other words, a root user can log in to the system only from the console.)
Please let me know.

Thanks,
Seizen
Bill McNAMARA_1
Honored Contributor
Solution

Re: How to restrict a user from logging remotely as a root user

# echo console > /etc/securetty
# chown root:sys /etc/securetty
# chmod 644 /etc/securetty

Later,
Bill
It works for me (tm)
Thierry Poels_1
Honored Contributor

Re: How to restrict a user from logging remotely as a root user

Hi,
"passwd" is a very good tool for preventing users from logging on as root ;)
To limit the terminals where root can log on directly, create /etc/securetty and list the terminals (console!) where root may log on. (Stay logged on as root on a terminal when setting this up!)

regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Animesh Chakraborty
Honored Contributor

Re: How to restrict a user from logging remotely as a root user

Hi,
Another way:
Edit root's .profile like this:
#root.allow
# logname reports the name used at login, so it is "root" only for a direct root login
user=`logname`
sulog="/var/adm/sulog"
TTY="`tty | cut -d/ -f3`"

if [ "${user}" = "root" ]
then
    # direct root login: allow it only on the console
    if [ "${TTY}" != "console" ]
    then
        echo ":root login allowed only through console..."
        exit
    fi
else
    # su to root: the invoking user must be listed, one exact name per line
    grep -x "${user}" /etc/root.allow > /dev/null 2>&1

    if [ ${?} -ne 0 ]
    then
        echo " : ${user} is NOT ALLOWED TO LOGIN AS root"
        date=`date "+%m/%d %H:%M"`
        echo "ERR ${date} - ${TTY} ${user}-root" >> "${sulog}"
        exit
    fi
fi
*****
Create a file /etc/root.allow and enter the names of the users who will be allowed to do su.

best of luck
Animesh
Did you take a backup?
seizen
New Member

Re: How to restrict a user from logging remotely as a root user

Thank you very much for the answer.

Thanks,
Seizen
PUJOL Gregory
Occasional Advisor

Re: How to restrict a user from logging remotely as a root user

The use of the /etc/securetty file disables remote connection by telnet or rlogin, but it's always possible to connect remotely with Xwindow... I tried this on HP-UX v10.20 ...

What can I do to enable remote connection with Xwindow?
David Lodge
Trusted Contributor

Re: How to restrict a user from logging remotely as a root user

I would normally use the /etc/securetty method, but this won't disable all ways to log in; you can still get in via X or via ssh (if installed).

ssh can be restricted from the configuration file.

X can be restricted by the following:
# cp -p /usr/dt/config/Xstartup /etc/dt/config/Xstartup
# print '[[ ${USER} = root ]] && exit 1' >>/etc/dt/config/Xstartup

dave
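
The three restrictions discussed in this thread (/etc/securetty, the ssh configuration file, and the Xstartup guard) can be verified with a small audit script. This is an added example, not code posted by any participant: the function names, the `--audit` flag and the `SSHD_CONFIG` variable with its default path are assumptions, and `PermitRootLogin` is the OpenSSH directive assumed to be the configuration-file restriction referred to above.

```shell
#!/bin/sh
# Added example (not from the thread): audit the root-login restrictions.

# securetty must list only "console", be owned as expected (root:sys in the
# thread) and not be writable by group or others (mode 644 in the thread).
check_securetty() {
    f=$1; want="${2:-root}:${3:-sys}"
    [ -f "$f" ] || { echo "FAIL: $f missing"; return 1; }
    grep -x console "$f" >/dev/null || { echo "FAIL: console not listed"; return 1; }
    extra=$(sed -e '/^console$/d' -e '/^$/d' "$f")
    [ -z "$extra" ] || { echo "FAIL: extra terminals in $f: $extra"; return 1; }
    set -- $(ls -ld "$f")            # $1=mode string, $3=owner, $4=group
    [ "$3:$4" = "$want" ] || { echo "FAIL: $f owned by $3:$4, want $want"; return 1; }
    case $1 in
        ?????w*|????????w*) echo "FAIL: $f is group/other writable ($1)"; return 1 ;;
    esac
    echo "OK: $f"
}

# sshd uses the first PermitRootLogin it reads; commented-out lines do not
# count, and an absent directive is treated as a failure. Match blocks are
# not interpreted by this simple check.
check_sshd() {
    val=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$1" 2>/dev/null)
    [ "$val" = no ] || { echo "FAIL: PermitRootLogin is '${val:-unset}' in $1"; return 1; }
    echo "OK: $1"
}

# The Xstartup guard must contain ${USER} literally, so that it is evaluated
# for each login and not when the line was appended to the file.
check_xstartup() {
    grep -F -- '[[ ${USER} = root ]] && exit 1' "$1" >/dev/null 2>&1 ||
        { echo "FAIL: no root guard in $1"; return 1; }
    echo "OK: $1"
}

# Run as "sh audit.sh --audit" on the host being checked.
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_securetty /etc/securetty root sys || rc=1
    # Assumed sshd_config location; set SSHD_CONFIG to your install's file.
    check_sshd "${SSHD_CONFIG:-/opt/ssh/etc/sshd_config}" || rc=1
    check_xstartup /etc/dt/config/Xstartup || rc=1
    exit $rc
fi
```
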