Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
ahh then you want to actually do the job properly!! the permitrootlogin option is the usual favourite, but i recommend using /etc/security/access.conf instead to control things as a generic layer through pam, as this can match against any pam service name (amongst other things)
Can I also add that using a non-encrypted form of cxn like telnet or rsh is a really bad idea, not just for the root user.
However, good advice from acid_kewpie if you really have to use them.
Well my perspective would be that using access.conf provides an additional safety net *in case* these services are somehow running, going from something like a default permit for multiple services, to a default deny. Similar to have a default drop policy in iptables even when you're happy to permit access to every port that you know is already open, and that there is nothing else listening. You'd still expect connections on port 23 to not be allowed anywhere near userland.
Last edited by acid_kewpie; 05-27-2011 at 02:48 AM.