On Tue, Jan 07, 2003 at 10:36:05AM -0500, [EMAIL PROTECTED] wrote:
> I am trying to set up a user with the same type of security as root.
> Basically I want this account so that you can only log in from the console
> or using su.  I don't want anyone to be able to log into this account
> directly using a remote session.  Can anyone help out with this?
> 
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 

You can restrict what terminals (ttys) root is allowed to log in under by
setting the contents of the /etc/securetty file.  Here is an example:

vc/1
vc/2
tty1
tty2
pts/1
pts/2

This version lets root log in on the first 2 virtual consoles,
the first two serial lines, and the first two pseudo terminals.
(Specified in that order, in this example)

To remove all remote access remove the pseudo terms (pts/x).

"man 5 securetty" has only a little info.


Adding another user with a uid of 0 basically adds another name to log in
under as root.  It's not really another user.

If you really want it to be a different user you might have to create a
special copy of a shell that is set-uid to root, but you would have to wrap
that with logic that checks for the tty line they are logging in on.  Doing
that securely in a shell script is a little tricky since they could
(in theory) hit the interrupt key and break out of execution of the
script, which includes the .profile or its equivalents.

-- 
Jeff Kinz, Emergent Research,  Hudson, MA.  "[EMAIL PROTECTED]" 
"[EMAIL PROTECTED]" copyright 2002.  Use is restricted. Any use is an 
acceptance of the offer at http://users.rcn.com/jkinz/policy.html.
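
Added example (not part of the original post): shell functions that read securetty-format text on stdin to list the pts entries the reply says to remove and to print the console-only version, plus a check of passwd-format text for extra UID-0 names. The sample data, the function names and the account name opsroot are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits securetty and passwd content supplied on stdin.

# Print the entries that name pseudo terminals (pts/N). Comments and
# whitespace are stripped before matching, so "# pts/9" is not reported.
remote_securetty_entries() {
    awk '{ sub(/#.*/, ""); gsub(/[ \t]/, "") } /^pts\/[0-9]+$/ { print }'
}

# Print the same file with every pts/N entry dropped; all other lines,
# including comments, pass through unchanged.
console_only_securetty() {
    awk '{ e = $0; sub(/#.*/, "", e); gsub(/[ \t]/, "", e) }
         e !~ /^pts\/[0-9]+$/ { print }'
}

# Print account names other than "root" whose UID field is 0. Each one is
# just another login name for root, as the reply points out.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Constructed sample: the securetty contents shown in the reply.
SAMPLE_SECURETTY='vc/1
vc/2
tty1
tty2
pts/1
pts/2'

# Constructed passwd lines; "opsroot" is a hypothetical second UID-0 name.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
opsroot:x:0:0:ops:/root:/bin/bash
jdoe:x:500:500::/home/jdoe:/bin/bash'

echo "Entries allowing root on pseudo terminals:"
printf '%s\n' "$SAMPLE_SECURETTY" | remote_securetty_entries

echo "Console-only securetty:"
printf '%s\n' "$SAMPLE_SECURETTY" | console_only_securetty

echo "Extra UID-0 account names:"
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0_accounts
```

To audit a live system, feed the real files in, for example `remote_securetty_entries < /etc/securetty` and `extra_uid0_accounts < /etc/passwd`. securetty only affects services whose login path checks it (login, or PAM stacks that include pam_securetty); OpenSSH root logins are governed by PermitRootLogin in sshd_config.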


