Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!mips!cs.uoregon.edu!ogicse!unmvax!bbx!is!brian From: brian@is.UUCP (Brian Zimbelman) Newsgroups: comp.unix.aix Subject: Re: root restrictions Summary: But it works! Message-ID: <111@is.UUCP> Date: 14 Jun 91 03:36:06 GMT References: <1991Jun12.180648.27815@bnlux1.bnl.gov> <8439@awdprime.UUCP> Organization: Innovative Solutions, Albuquerque NM Lines: 46 In article (David J. Kleikamp) writes: > In article (Andrew T. Como) writes: > > > >I need a mechanism to restrict root logins to the console. > > > >If I change the user characteristics "valid TTYs" to the console > >you can only "su" to "root" from the console. (this is not practical) > > > > Andrew Como I have used "valid TTYs" a number of times with no difficulties. Actually, I did have one problem, AIX requires a full pathname for this field. valid TTYs = tty0 FAILS valid TTYs = /dev/tty0 WORKS I do not remember if I tried '/dev/console' or not, but '/dev/tty?' works fine. This will restrict LOGINS of the user to this device, however it will not restrict others from switching user to this user while logged in on other devices. > Okay, I'll ask. > > What good is it to restrict root logins to the console if you do allow other > users to su to root from other TTY's? > > Anyway, one way of doing this would be to write your own authentication > method. I've never done this myself, but you define the authentication > methods in the /etc/security/login.cfg file. > -- > --------------------------------------------------------------------------- > David J. "Shaggy" Kleikamp dave@kleikamp.austin.ibm.com > The content of this posting is independent of official IBM position. > External: uunet!cs.utexas.edu!ibmaus!auschs!kleikamp.austin.ibm.com!dave Good Luck, Brian Zimbelman President Innovative Solutions Disclaimer: Works for me!!! ----------------------------------------------------------------------------- Innovative Solutions (505) 883-4252 3547 Colorado NE is!brian@bbx.basis.com Albuquerque, NM 87110 bbx.basis.com!is!brian