On Tue, Jan 07, 2003 at 10:36:05AM -0500, [EMAIL PROTECTED] wrote:
> I am trying to set up a user with the same type of security as root.
> Basically I want this account so that you can only log in from the console
> or using su. I don't want anyone to be able to log into this account
> directly using a remote session. Can anyone help out with this?
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list

You can restrict what terminals (ttys) root is allowed to log in under by
setting the contents of the /etc/securetty file. Here is an example:

    vc/1
    vc/2
    tty1
    tty2
    pts/1
    pts/2

This version lets root log in on the first 2 virtual consoles, the first two
serial lines, and the first two pseudo terminals. (Specified in that order,
in this example.) To remove all remote access, remove the pseudo terms (pts/x).
"man 5 securetty" has only a little info.

Adding another user with a uid of 0 basically adds another name to log in
under as root. It's not really another user. If you really want it to be a
different user you might have to create a special copy of a shell that is
set-uid to root, but you would have to wrap that with logic that checks for
the tty line they are logging in on. Doing that securely in a shell script is
a little tricky since they could (in theory) hit the interrupt key and break
out of execution of the script, which includes the .profile or its equivalents.

--
Jeff Kinz, Emergent Research, Hudson, MA. "[EMAIL PROTECTED]"
"[EMAIL PROTECTED]" copyright 2002. Use is restricted. Any use is an
acceptance of the offer at http://users.rcn.com/jkinz/policy.html.
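
Added example, not part of the original post: a POSIX sh audit of the two things the reply above discusses, pts/N entries in a securetty file and extra account names with UID 0 in a passwd file. The sample files are constructed, and the account name "sysadm" and all function names are hypothetical.

```sh
#!/bin/sh
# Real locations are /etc/securetty and /etc/passwd; paths are parameters
# so the checks can be run against copies.

# Print securetty entries naming pseudo terminals (pts/N), the lines the
# reply says to remove. Comments and blank lines are ignored.
remote_tty_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" |
        grep -E '^pts/[0-9]+$' || true
}

# Print every account name whose UID field is 0 (each is a name for root).
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"
}

# Return 0 only if there are no pts entries and root is the sole UID 0 name.
audit() {
    status=0
    ptys=$(remote_tty_entries "$1")
    if [ -n "$ptys" ]; then
        echo "securetty allows root on pseudo terminals:" $ptys
        status=1
    fi
    extra=$(uid0_accounts "$2" | grep -v '^root$' || true)
    if [ -n "$extra" ]; then
        echo "additional UID 0 names:" $extra
        status=1
    fi
    return $status
}

# Constructed sample data: the securetty list from the reply, and a passwd
# file with a hypothetical second UID 0 account named "sysadm".
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' vc/1 vc/2 tty1 tty2 pts/1 pts/2 > "$dir/securetty"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'sysadm:x:0:0:second name:/root:/bin/bash' \
        'jeff:x:500:500::/home/jeff:/bin/bash' > "$dir/passwd"
    echo "$dir"
}

d=$(make_samples)
audit "$d/securetty" "$d/passwd" || echo "audit: findings above"
rm -rf "$d"
```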