Re: Restricting root

From: Stephen Spalding (ssaixadm@YAHOO.COM)
Date: Thu Jul 03 2003 - 11:36:49 EDT


I kind of don't follow what you're saying.

I want root to be able to log in directly from the
console. I don't want root to be able to log in
directly from anywhere else. Setting /dev/tty0 in
'Valid TTYS' makes it so that no one can su to root
from anywhere but the console.

--- "Green, Simon" <Simon.Green@EU.ALTRIA.COM> wrote:
> Do you have other terminals attached to this system,
> then?
> If not, then simply login=true,rlogin=false.
>
> Simon Green
> Altria ITSC Europe Ltd
>
> AIX-L Archive at
> http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
> AIX FAQ at http://www.faqs.org/faqs/aix-faq/
>
> N.B. Unsolicited email from vendors will not be
> appreciated.
>
> > -----Original Message-----
> > From: Stephen Spalding [mailto:ssaixadm@YAHOO.COM]
> > Sent: 03 July 2003 16:24
> > To: aix-l@Princeton.EDU
> > Subject: Restricting root
> >
> >
> > All,
> >
> > I want to restrict the root user so that the admins
> > must log in with their own userids first and then 'su
> > -' to root. I want it so that root cannot directly
> > telnet to the box. The catch is that I want root to be
> > able to log in directly from the console.
> >
> > I know that setting the 'User can LOGIN REMOTELY?'
> > field to false for root takes care of my first issue.
> > I then can create individual ids for my admins and
> > also create an 'SU GROUP' for them to be a part of.
> >
> > I've tried setting 'Valid TTYs' to /dev/tty0, but that
> > completely restricts root access to the console, which
> > is tighter than what I want.
> >
> > Does anyone know how to do this?

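The SMIT fields discussed in this thread are stored in AIX's /etc/security/user as the root stanza attributes login, rlogin, ttys and sugroups. The following is an added example, not part of the original messages: a Python check over a constructed sample stanza file (the group name sysadm is hypothetical) that resolves root's effective settings against the default stanza and reports where they differ from the goal stated in the thread.

```python
# Constructed sample in /etc/security/user stanza format (not from a real host).
SAMPLE = """\
* comment lines start with an asterisk
default:
    login = true
    rlogin = true
    su = true
    sugroups = ALL
    ttys = ALL

root:
    rlogin = false
    sugroups = sysadm
    ttys = /dev/tty0
"""

def parse_stanzas(text):
    """Return {stanza_name: {attr: value}} from stanza-file text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def effective(stanzas, user):
    """Merge the default stanza with the user's own overrides."""
    return {**stanzas.get("default", {}), **stanzas.get(user, {})}

def audit_root(text):
    """List where root's settings differ from the goal stated in the thread."""
    attrs = effective(parse_stanzas(text), "root")
    findings = []
    if attrs.get("login") != "true":
        findings.append("login is not true: root cannot log in locally")
    if attrs.get("rlogin") != "false":
        findings.append("rlogin is not false: root can log in remotely")
    if attrs.get("ttys", "ALL") != "ALL":
        # The thread reports that a ttys restriction also blocks su to root.
        findings.append("ttys = %s: also restricts su to root" % attrs["ttys"])
    if attrs.get("sugroups", "ALL") == "ALL":
        findings.append("sugroups = ALL: su to root is not limited to an admin group")
    return findings

if __name__ == "__main__":
    for finding in audit_root(SAMPLE):
        print(finding)
```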



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:59 EDT