HPE Community
Operating System - HP-UX
1833758 Members
2427 Online
110063 Solutions
New Discussion

Re: Root Login

 
avm
Contributor

‎03-24-2001 06:49 AM

‎03-24-2001 06:49 AM

Root Login

Hi Friends,
Can anybody tell us how to disable root login from other terminals (except console) and disabling the "su login for root also
So that no one can enter into system as root


Thanks in adv
avm
0 Kudos
Reply
4 REPLIES 4
Carsten Krege
Honored Contributor

‎03-24-2001 07:24 AM

‎03-24-2001 07:24 AM

Re: Root Login

If the file /etc/securetty exists and contains a line with the word "console", root will only be allowed to login from the console. See the man page of login(1). However, login via su(1) will still be allowed with securetty set.

If you convert your system to a trusted system (use SAM -> Auditing and Security ), you can refine the security policy which user can use what terminal to login (in the System Security Policies section).

You can unconvert the system at any time (also using SAM in any "Actions" submenu.).

Carsten
-------------------------------------------------------------------------------------------------
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move. -- HhGttG
0 Kudos
Reply
Philip Chan_1
Respected Contributor

‎03-24-2001 07:32 AM

‎03-24-2001 07:32 AM

Re: Root Login

First, use /etc/securetty (with the word "console") to stop non-console login of root.

Second, convert your system to trust, make yourselve a restricted SAM user (sam -r) with superuser privileges, login by your account then disable "root" user.

~Philip
0 Kudos
Reply
Vincenzo Restuccia
Honored Contributor

‎03-26-2001 05:46 AM

‎03-26-2001 05:46 AM

Re: Root Login

Edit /etc/securetty with:
CONSOLE=/dev/console
0 Kudos
Reply
Steve Faidley
Valued Contributor

‎04-04-2001 10:25 AM

‎04-04-2001 10:25 AM

Re: Root Login

Understand that this is not perfect in a nontrusted HP system. Sun keeps you out via ftp but HP doesn't.
If you know what your doing you can ftp as root and rename the file, then login via telnet.
So if you realy want to lock it down you need to deny root from ftping via the /etc/ftpd/ftpusers file.
See man ftpusers
If it ain't broke, let me have a look at it.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.