LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-26-2010, 02:48 AM   #1
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Rep: Reputation: 36
How to disable root login (Not over SSH)?


I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.

But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own regular userid then gaining root privileges by using the SU.

Code:
# lsb_release -a
LSB Version:    :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: EnterpriseEnterpriseServer
Description:    Enterprise Linux Enterprise Linux Server release 5.2 (Carthage)
Release:        5.2
Codename:       Carthage
[root@~]# uname -a
Linux TomcatServer 2.6.18-92.el5 #1 SMP Fri May 23 22:17:30 EDT 2008 i686 i686 i386 GNU/Linux

Last edited by pinga123; 11-26-2010 at 03:08 AM.
 
Old 11-26-2010, 02:58 AM   #2
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649
I believe you would add root to nologin group in /etc/groups.
 
Old 11-26-2010, 03:04 AM   #3
EDDY1
LQ Addict
 
Registered: Mar 2010
Location: Oakland,Ca
Distribution: wins7, Debian wheezy
Posts: 6,838

Rep: Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649Reputation: 649
Try this 1

http://www.brighthub.com/computing/l...les/36257.aspx
 
Old 11-26-2010, 03:04 AM   #4
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by EDDY1 View Post
I believe you would add root to nologin group in /etc/groups.
There is no such group as nologin in /etc/groups
 
Old 11-26-2010, 03:08 AM   #5
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by EDDY1 View Post
Not sure about flushing the /etc/securetty file.
 
Old 11-26-2010, 03:08 AM   #6
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Hi,

You might want to take a look at sudo, which makes it possible for a normal user to become root (among other things) without knowing the actual root password. This, sudo, might already be partially implemented on your distro (which you do not mention).

Create and set a random/hard password for root. Put the password in an envelope and give that envelope to someone that has the authority to decide if the root password is actually needed. S/he puts the password in a safe place.


Reason for edit: Original question has been altered after given answers.

Hope this helps.

Last edited by druuna; 11-26-2010 at 04:24 AM. Reason: Original question has been altered.
 
0 members found this post helpful.
Old 11-26-2010, 04:00 AM   #7
chickenjoy
Member
 
Registered: Apr 2007
Distribution: centos,rhel, solaris
Posts: 200

Rep: Reputation: 30
empty out the file: /etc/securetty

Code:
# > /etc/securetty
-- this will not allow the user 'root' to login directly from the login prompt in the virtual terminals (alt + Fx) even when in front of the machine.
-- but anyone other than root CAN login and if he/she knows the password to the root account; he can run 'su' command to switch to the root user.

based on the original question; I believe this is the solution.

Last edited by chickenjoy; 11-26-2010 at 04:01 AM.
 
Old 11-26-2010, 04:21 AM   #8
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
@pinga123: Do not change the question in your original post _after_ people have given you advise. The answers given might look out of context if you do this!! My answer isn't appropriate any more now you have changed it.

If you want/need to change the original question for whatever reason, post a follow up message!!

Last edited by druuna; 11-26-2010 at 04:22 AM.
 
Old 11-26-2010, 05:21 AM   #9
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by druuna View Post
@pinga123: Do not change the question in your original post _after_ people have given you advise. The answers given might look out of context if you do this!! My answer isn't appropriate any more now you have changed it.

If you want/need to change the original question for whatever reason, post a follow up message!!
I didnt change the question just added the operating system details by editing it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable Root login via ssh UltraSoul Solaris / OpenSolaris 3 02-09-2007 03:18 AM
Disable Root Login Via SSH = Why? carlosinfl Linux - Security 4 10-11-2006 01:32 PM
disable root login with ssh linuxtesting2 Slackware 3 02-16-2005 01:33 PM
How can I disable root login with SSH? blk96gt Slackware 9 10-02-2004 08:09 AM
SSH/Telnet, disable root login, how? muhazam Linux - Security 6 08-17-2004 01:49 PM


All times are GMT -5. The time now is 01:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration