Re: root login deny (49 Views)
Reply
Occasional Advisor
Fabricio_2
Posts: 8
Registered: ‎01-15-2003
Message 1 of 11 (49 Views)
Accepted Solution

root login deny


Hello,

How can I lock the root user login by telnet?
I want that no one does login directly.

Thanks in advance,
Fabricio.
Respected Contributor
Robert Gamble
Posts: 419
Registered: ‎04-11-1997
Message 2 of 11 (49 Views)

Re: root login deny

ls -la /etc/securetty

if it does not exist, then

echo console > /etc/securetty
chmod 400 /etc/securetty
chown root:sys /etc/securetty

see manpage for login for more details
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 3 of 11 (49 Views)

Re: root login deny

Create a file - /etc/securetty and put the word - console - in it.

This will restrict the root user login. Use root will only able to login from local console.

# man login (for more details)
Life is a promise, fulfill it!
Honored Contributor
Umapathy S
Posts: 970
Registered: ‎12-04-2001
Message 4 of 11 (49 Views)

Re: root login deny

Hi,
Create a file called securetty in /etc.

echo console >/etc/securetty
chmod 400 /etc/securetty

Now console only allow direct access to root.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Occasional Advisor
Fabricio_2
Posts: 8
Registered: ‎01-15-2003
Message 5 of 11 (49 Views)

Re: root login deny



OK, thanks...

And just one more question: How can I deny the remote login from a common user (not root)?

Thanks again...
Fabricio.
Honored Contributor
Umapathy S
Posts: 970
Registered: ‎12-04-2001
Message 6 of 11 (49 Views)

Re: root login deny

I fear I dont understand your problem. You can always lock the account of that user.

Or add script in .profile of that user and logoff.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 7 of 11 (49 Views)

Re: root login deny

1) Disable the account by editing passwd file or through SAM.

2) Add 'exit' command on the user $HOME/.profile file
Life is a promise, fulfill it!
Occasional Advisor
Fabricio_2
Posts: 8
Registered: ‎01-15-2003
Message 8 of 11 (49 Views)

Re: root login deny



I don´t want that user "oracle" does login directly because it´s a generic user, I want that other user does a login and than it does a "su" for "oracle". So I can see who was oracle at sulog.

Thanks,
Fabri
Honored Contributor
Umapathy S
Posts: 970
Registered: ‎12-04-2001
Message 9 of 11 (49 Views)

Re: root login deny

Fabricio,
Simplest way is

echo exit >>~oracle/.profile.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 10 of 11 (49 Views)

Re: root login deny

Couple of solutions to your last question can be found from here too:

http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0xbdb879...
Life is a promise, fulfill it!
Occasional Advisor
Fabricio_2
Posts: 8
Registered: ‎01-15-2003
Message 11 of 11 (48 Views)

Re: root login deny


Thanks for everybody...

I used this script at /etc/profile to solve de problem:

NAME=`logname`
if [ $NAME = oracle ]
then
exit
fi
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.