Re: Restricting root

From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Thu Jul 03 2003 - 11:31:17 EDT


Do you have other terminals attached to this system, then?
If not, then simply login=true,rlogin=false.

Simon Green
Altria ITSC Europe Ltd

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will not be appreciated.

> -----Original Message-----
> From: Stephen Spalding [mailto:ssaixadm@YAHOO.COM]
> Sent: 03 July 2003 16:24
> To: aix-l@Princeton.EDU
> Subject: Restricting root
>
>
> All,
>
> I want to restrict the root user so that the admins
> must log in with their own userids first and then 'su
> -' to root. I want it so that root cannot directly
> telnet to the box. The catch is that I want root to be
> able to log in directly from the console.
>
> I know that setting the 'User can LOGIN REMOTELY?'
> field to false for root takes care of my first issue.
> I then can create individual ids for my admins and
> also create an 'SU GROUP' for them to be a part of.
>
> I've tried setting 'Valid TTYs' to /dev/tty0, but that
> completely restricts root access to the console, which
> is tighter than what I want.
>
> Does anyone know how to do this?
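
The `login=true,rlogin=false` suggested in the reply are attributes of root's stanza in AIX's `/etc/security/user`; the "SU GROUP" field from the question is assumed here to map to `sugroups`. The script below is an added example, not part of the original thread: it parses a file in that stanza format and checks root's effective settings, including fallback to the `default:` stanza. The function names, the sample file and the group name `sysadm` are constructed for illustration.

```shell
# Constructed sample in the stanza format of AIX /etc/security/user.
# "sysadm" and "alice" are made-up names for this example.
sample_user_file() {
cat <<'EOF'
default:
    login = true
    rlogin = true
    sugroups = ALL
* constructed comment line
root:
    login = true
    rlogin = false
    sugroups = sysadm
alice:
    admin = false
EOF
}

# Print the effective value of attribute $2 for user $1 (stanza file on stdin),
# falling back to the default: stanza when the user stanza does not set it.
effective_attr() {
    awk -v user="$1" -v attr="$2" '
        /^[ \t]*$/ || /^[ \t]*\*/ { next }          # blank line or comment
        /^[^ \t*][^=]*:[ \t]*$/ { stanza = $1; sub(/:$/, "", stanza); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != attr) next
            if (stanza == user) { own = val; has_own = 1 }
            else if (stanza == "default") { def = val; has_def = 1 }
        }
        END { if (has_own) print own; else if (has_def) print def }'
}

# Succeed only if root can log in locally, cannot log in remotely, and su to
# root is limited to named groups (unset or ALL is treated here as unrestricted).
check_root_policy() {
    conf=$(cat); rc=0
    for want in login=true rlogin=false; do
        attr=${want%%=*}
        got=$(printf '%s\n' "$conf" | effective_attr root "$attr")
        [ "$got" = "${want#*=}" ] || { echo "FAIL root $attr=${got:-unset}"; rc=1; }
    done
    sug=$(printf '%s\n' "$conf" | effective_attr root sugroups)
    case $sug in ''|ALL) echo "FAIL root sugroups=${sug:-unset}"; rc=1 ;; esac
    return $rc
}
sample_user_file | check_root_policy && echo "root policy OK"
```

To audit a real system, run `check_root_policy < /etc/security/user` as root.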


