LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Securetty (https://www.linuxquestions.org/questions/linux-security-4/securetty-187566/)

Obie 05-30-2004 03:26 AM
Securetty
 
I wish to query and understand what the securetty file does and how I should secure it?

Thanks

jschiwal 05-30-2004 06:04 AM
Some versions of login check if the terminal is listed in /etc/securetty before allowing root to log-in on that terminal. If you had a serial port hooked up to a modem, you might want to delete the line containing the entry for that terminal.

Suppose that you had a computer wired to several dumb terminals at work. The terminal that the administrator would work from would be in the list, and the others would be removed.

PLEASE note!
Your system probably uses PAM (Pluggable Authentication Modules).

excerpt from login man page:
Code:
      On most modern Linux systems PAM (Pluggable Authentication Modules)  is
      used.  On  systems that do not use PAM, the file /etc/usertty specifies
      additional access restrictions for specific users.  Note that this file
      is  not  applicable  to  login  implementations that use PAM (Pluggable
      Authentication Modules), such as most modern Linux  systems.
Please read the securetty man pages as well as login, mingetty and PAM.

Actually, start with PAM. That is were authentication is handled in linux.

It is common not to allow root logins at all. A person then needs to login with their user accounts and su to root when they need to perform administrative work. This it particularily true when more than one user has root access. I something went wrong, or something was done, administratively, that you don't understand, the logs will say who su'ed to root. Then you know who to ask what was done.

Obie 05-31-2004 06:37 PM
Thank you for your help


All times are GMT -5. The time now is 09:16 AM.