Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!cs.utexas.edu!chinacat!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.aix
Subject: Re: root logins & syslog
Message-ID: <18794@rpp386.cactus.org>
Date: 9 Dec 90 20:48:32 GMT
References: <2356@bnlux0.bnl.gov>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 21
X-Clever-Slogan: Recycle or Die.

In article <2356@bnlux0.bnl.gov> como@max.bnl.gov (Andrew T. Como) writes:
>#1 Question:  does this valid tty change also restrict "su - root" 
>		to that device.

No, the checks only apply to login time.  There are ways to restrict
someone from su-ing to your account, but not on the basis of TTY name.

If you are really interested in restricting someone on the basis of
arbitrary criteria, please look into the "auth1" and "auth2" attributes.
It is possible to define special processing on a per-user basis using
those fields.

>#2 Question:  I cannot get the syslog daemon to put the "su to root"
>		entries anywhere.  Does this work on aix?

AIX is more "System V"-like than "BSD"-like.  The AT&T "su" doesn't
perform syslogging, and neither (so far as I've ever seen ...) does
AIX.  Sad to say, but it also doesn't create records in /usr/adm/sulog ...
-- 
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832                           Domain: jfh@rpp386.cactus.org