HPE Community
Operating System - HP-UX
1833749 Members
2811 Online
110063 Solutions
New Discussion

Restricting Root access

 
Steve Massey
New Member

‎05-10-2000 02:15 AM

‎05-10-2000 02:15 AM

Restricting Root access

Hi

How can I stop root telneting directly into a box, I prefer a su to root.

Steve

0 Kudos
Reply
4 REPLIES 4
eRT
Occasional Advisor

‎05-10-2000 04:21 AM

‎05-10-2000 04:21 AM

Re: Restricting Root access

YOu can set up the /etc/securetty file. All that needs to be in this file is the word console. This will only allow root to login at the console. Anyone telnetting in will have to do it as themselves and then su to root. I hope this helps.
0 Kudos
Reply
Eric J. Gonzalez
Occasional Advisor

‎06-02-2000 07:34 AM

‎06-02-2000 07:34 AM

Re: Restricting Root access

Once the /etc/securetty is created and have the word console in it, do
chmod 600 /etc/securetty this will prevent
users from removing the word console from the file.
0 Kudos
Reply
Brian M. Fisher
Honored Contributor

‎06-02-2000 07:50 AM

‎06-02-2000 07:50 AM

Re: Restricting Root access

Another good idea is to add root to /etc/ftpusers this file should contain the user names of all administrative accounts to prevent direct ftp access.

Brian
<*(((>< er
Perception IS Reality
0 Kudos
Reply
Rick Garland
Honored Contributor

‎06-02-2000 09:50 AM

‎06-02-2000 09:50 AM

Re: Restricting Root access

May not be exactly what you are looking for, but...

You can prevent root logins by a tty or you can prevent all root logins (or a subset of)
through the use of sudo.

Direct root logins can be allowed only on the console (or where ever you choose) and other locations must su to root. Need to have the root passwd and not be restricted by the sudoers file.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.