LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-08-2007, 03:39 AM   #1
nitinatindore
Member
 
Registered: Dec 2004
Location: India
Distribution: Mandrake, Mandriva, PclinuxOS
Posts: 114

Rep: Reputation: 15
Question Disabling direct console login: forcing su


I wish to disallow direct console logon (on Linux, of course) to several previlige accounts, but instead want them to login as normal users and then do a su/sudo to login to a high privilege account.

Note: I do not wish to disable only root login which can be easily done via /etc/securetty

I did some research on Internet and found the following code snippet useful, but I am sure there could be a smarter way to do it.

/*
Ensure that the user's .profile/.bash_profile is only writable by root and readable by others and then add the following at the top:

### script begin ###
trap "" 1 2 3

REALUSER=`/usr/bin/who am i | /usr/bin/cut -f1 -d" "`
SUUSER=`id -un`

if [ "$REALUSER" = "$SUUSER" ]
then
logout
fi
### script end #####
*/
 
Old 05-08-2007, 03:47 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
at a basic level use /etc/security/access.conf
 
Old 05-08-2007, 03:54 AM   #3
nitinatindore
Member
 
Registered: Dec 2004
Location: India
Distribution: Mandrake, Mandriva, PclinuxOS
Posts: 114

Original Poster
Rep: Reputation: 15
Thumbs up

Dear Mod

Thanks for the info but please correct me if I am wrong. Is /etc/security/access.conf standard utility present on all *nix boxes or is it some kind of additional package.

A quick Googling [[http://www.rhce2b.com/clublinux/RHCE-15.shtml]] revealed that it has to be used in conjunction with PAM. I think I have quite old servers, which might not support PAM, but I am not too sure.
 
Old 05-08-2007, 04:02 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
totally standard file really.
 
Old 05-09-2007, 12:10 AM   #5
nitinatindore
Member
 
Registered: Dec 2004
Location: India
Distribution: Mandrake, Mandriva, PclinuxOS
Posts: 114

Original Poster
Rep: Reputation: 15
Thanks Chris

Problem Solved!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting DSL for autologin and forcing a better resolution on console stormrider_may DamnSmallLinux 4 02-06-2006 03:42 AM
Apache/php4 - disabling direct viewing of text files Paiway Linux - Networking 1 02-21-2005 10:09 PM
SSH Login - Forcing keys! jackster Linux - Security 5 01-25-2005 08:09 AM
Forcing password change at first login vsp_123 Linux - Security 6 01-27-2004 11:57 AM
Disabling console commands? Kage Linux - Newbie 4 02-09-2002 12:38 PM


All times are GMT -5. The time now is 11:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration