Date: Fri, 12 Nov 2004 23:18:25 -0800 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Doug Hardie" <bc979@lafn.org>, "f-questions List" <freebsd-questions@freebsd.org> Subject: RE: Root login at console Message-ID: <LOBBIFDAGNMAMLGJJCKNEEKHEPAA.tedm@toybox.placo.com> In-Reply-To: <7D533906-3540-11D9-900C-000393681B06@lafn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Doug Hardie > Sent: Friday, November 12, 2004 10:52 PM > To: f-questions List > Subject: Root login at console > > > I am setting up some 5.3 systems and have encountered a situation I > can't figure out. I have had the following (and only) active line in > 4.6 systems /etc/login.allow: > > -:ALL EXCEPT user1 user2 user3: ALL > > That only permitted logins from those 3 users and not root. The users > had to su to get to root - even on the console. However that same line > in 5.3 doesn't let anyone su to root (terminal or console). I have to > add root to the list: > > -:ALL EXCEPT root user1 user2 user3: ALL > > Then the users can su to root. However root can login on the console > directly which I don't want. I have tried a few diferent approaches to > make this work but none have succeeded. What am I missing? Thanks. > I don't think that the /etc/login.allow should have blocked root login at the console. If it did in 4.x that is a bug and 5.3 corrected it. If you want to block root login at the console then edit /etc/ttys and change the keyword from "secure" to "insecure" for the console. Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNEEKHEPAA.tedm>