Restricting root

From: Stephen Spalding (ssaixadm@YAHOO.COM)
Date: Thu Jul 03 2003 - 11:23:37 EDT

• Next message: Victor M. Riefkohl: "Re: Getting Jumbo Frames to work on a p630"
• Previous message: James Thompson: "Getting Jumbo Frames to work on a p630"
• Next in thread: Green, Simon: "Re: Restricting root"
• Maybe reply: Green, Simon: "Re: Restricting root"
• Maybe reply: Green, Simon: "Re: Restricting root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All,

I want to restrict the root user so that the admins
must log in with their own userids first and then 'su
-' to root. I want it so that root cannot directly
telnet to the box. The catch is that I want root to be
able to log in directly from the console.

I know that setting the 'User can LOGIN REMOTELY?'
field to false for root takes care of my first issue.
I then can create individual ids for my admins and
also create an 'SU GROUP' for them to be a part of.

I've tried setting 'Valid TTYs' to /dev/tty0, but that
completely restricts root access to the console, which
is tighter than what I want.

Does anyone know how to do this?

Thanks!

-Stephen Spalding

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

• Next message: Victor M. Riefkohl: "Re: Getting Jumbo Frames to work on a p630"
• Previous message: James Thompson: "Getting Jumbo Frames to work on a p630"
• Next in thread: Green, Simon: "Re: Restricting root"
• Maybe reply: Green, Simon: "Re: Restricting root"
• Maybe reply: Green, Simon: "Re: Restricting root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:59 EDT