Some versions of login check if the terminal is listed in /etc/securetty before allowing root to log-in on that terminal. If you had a serial port hooked up to a modem, you might want to delete the line containing the entry for that terminal.
Suppose that you had a computer wired to several dumb terminals at work. The terminal that the administrator would work from would be in the list, and the others would be removed.
PLEASE note!
Your system probably uses PAM (Pluggable Authentication Modules).
excerpt from login man page:
Code:
On most modern Linux systems PAM (Pluggable Authentication Modules) is
used. On systems that do not use PAM, the file /etc/usertty specifies
additional access restrictions for specific users. Note that this file
is not applicable to login implementations that use PAM (Pluggable
Authentication Modules), such as most modern Linux systems.
Please read the securetty man pages as well as login, mingetty and PAM.
Actually, start with PAM. That is were authentication is handled in linux.
It is common not to allow root logins at all. A person then needs to login with their user accounts and su to root when they need to perform administrative work. This it particularily true when more than one user has root access. I something went wrong, or something was done, administratively, that you don't understand, the logs will say who su'ed to root. Then you know who to ask what was done.
Securetty
