Re: restricting logins on tty1
On 8/1/2000 Jim B wrote:

> One other quickie: what's the functional difference between /etc/login.access and /etc/security/access.conf? When I place restrictions in the latter, nothing seems to happen, though the files are in exactly the same format. What then is the purpose of the one in /etc/security?

/etc/security/access.conf is used by pam_access.so, which you need to add to the appropriate PAM service files in /etc/pam.d/ (such as login).

/etc/login.access I am not sure about; I thought it was obsolete, but I could be wrong.

As for what you are trying to do not working, I am not sure. I have had problems trying to get access.conf and such to work right as well; either the docs are not quite good enough yet or something is still a bit buggy...

One thing that could be causing the wheel group troubles is the ambiguity caused by gid 0 being called `root' just like uid 0. I personally just made a new group called wheel and use that to enforce the BSD style wheel group (only wheel members may su to root), but I did this more because I got tired of fixing packages which install all their files gid 0 writable. (I don't want halfway root permissions to the filesystem unless I actually switched to root.)

Just out of curiosity, why did GNU/Linux not follow the BSD semantics on the wheel group, and instead name gid 0 root and have it function as root's private (primary) group?

--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Re: restricting logins on tty1
OK thanks for the info... I seem to have /etc/login.access working now. The problem was as you had indicated... the user I was trying to restrict was a member of my root group so unless I restrict him explicitly with his own entry in login.access, he can also log in on tty1. Other users are successfully banned from that terminal though.

As for why we're using group root and not wheel, there's a little note from RMS in the su man page... check it out. (Personally I disagree with that thinking on this, but that's where the explanation is.)

On Sat, 8 Jan 2000, Ethan Benson wrote:

> /etc/login.access I am not sure about; I thought it was obsolete, but I could be wrong.
>
> As for what you are trying to do not working, I am not sure. I have had problems trying to get access.conf and such to work right as well; either the docs are not quite good enough yet or something is still a bit buggy...
>
> One thing that could be causing the wheel group troubles is the ambiguity caused by gid 0 being called `root' just like uid 0. I personally just made a new group called wheel and use that to enforce the BSD style wheel group (only wheel members may su to root), but I did this more because I got tired of fixing packages which install all their files gid 0 writable. (I don't want halfway root permissions to the filesystem unless I actually switched to root.)
>
> Just out of curiosity, why did GNU/Linux not follow the BSD semantics on the wheel group, and instead name gid 0 root and have it function as root's private (primary) group?
Re: restricting logins on tty1
On Sun, 9 Jan 2000, Jim B wrote:

> As for why we're using group root and not wheel, there's a little note from RMS in the su man page... check it out. (Personally I disagree with that thinking on this, but that's where the explanation is.)

Actually it's in the su info page. I thought it was in both but it's apparently not.

info su
Re: restricting logins on tty1
Sorry for replying to my own post, but I made a little mistake... I don't have ROOT but rather root :P So it shouldn't be a case-sensitivity issue... that was just a typo in my e-mail to the list. :-\

On Sat, 8 Jan 2000, Jim B wrote:

> # Restrict tty to root (this is what I'm trying to accomplish):
> -:ALL EXCEPT ROOT:tty1
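
The group-membership effect described in this thread, as an added example that is not from any of the posters or from the login or PAM sources: a simplified Python model of first-match rule evaluation in which a users token is tried as both a login name and a group name. The users alice and bob, the GROUPS table and the function names are constructed for illustration; host origins, netgroups and case handling are not modelled.

```python
# Simplified model of login.access / access.conf evaluation (added example).
# Rule format is permission:users:origins. The first rule whose users and
# origins both match decides; a login that matches no rule is allowed.

def in_list(tokens, match):
    """'a b EXCEPT c' matches when a or b matches and c does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return in_list(tokens[:i], match) and not in_list(tokens[i + 1:], match)
    return any(match(t) for t in tokens)

def allowed(rules, user, tty, groups):
    def user_match(tok):
        # A users token is tried as a login name and as a group name, so
        # "root" also covers every member of the group called root.
        return tok == "ALL" or tok == user or user in groups.get(tok, ())
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if in_list(users.split(), user_match) and in_list(
                origins.split(), lambda tok: tok in ("ALL", tty)):
            return perm == "+"
    return True

# Constructed data: alice is a member of the group named root, bob is not.
GROUPS = {"root": {"alice"}}
THREAD_RULE = "-:ALL EXCEPT root:tty1"
WITH_OWN_ENTRY = "-:alice:tty1\n" + THREAD_RULE

if __name__ == "__main__":
    for rules in (THREAD_RULE, WITH_OWN_ENTRY):
        for user in ("root", "alice", "bob"):
            print(user, "tty1", allowed(rules, user, "tty1", GROUPS))
```

With the single rule, alice is exempted along with root because of her group membership; adding her own deny entry closes that gap while root keeps access to tty1.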