Hi Sukumar,
Can you try this method as well..
another way :-
Edit .profile of root as like these
#root.allow
user=`logname`;
sulog="/var/adm/sulog"
TTY="`tty | cut -d/ -f3`"
if [ ${user} = "root" ]
then
if [ ${TTY} != "console" ]
then
echo ":root login allowed only through console..."
exit
fi
else
grep ${user} /etc/root.allow > /dev/null 2>&1
if [ ${?} -ne 0 ]
then
echo " : ${user} is NOT ALLOWED TO LOGIN AS root"
date=`date "+%m/%d %H:%M"`
echo "ERR ${date} - ${TTY} ${user}-root" >> ${sulog}
exit
fi
fi
*****
create a file /etc/root.allow and enter user name who will allowed to do su.
But at my place I am using the method which is mentioned by Svetoslav Gyurov. But we are finding an alternative for this to restrict root login according to the PCs from where we are doing ssh to this machines. We are trying to achieving this using a script. So that only few machines will be able to use direct root logins along with the console. This will give more flexibility to us.
Regards,
Syam
