LinuxQuestions.org
Old 06-28-2006, 09:51 PM   #1
bx.s
LQ Newbie
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 13

Rep: Reputation: Disabled
text terminals


I have been doing some reading, and the book mentioned /etc/securetty. My understanding of it is that it is a list of terminals that root is allowed to log into. I understand that ttys are the interface (terminal) between the keyboard and the system. I have looked through Wikipedia and the HOWTO (which didn't help my understanding) to try to gain insight; however, I am assuming that I am not understanding some general thing here, so here is my question: if narrowing the list of ttys in securetty to tty1 prevents root from logging in from everywhere but the box itself, how can users still do "su" to log in as root?

Also, what is the reason to have so many different tty*s (tty1, tty2, etc.)? I would think that it would be for multiple users to be logged in, but those who are ssh-ed in get a terminal like pts/0. Are the different numbers of ttys just a remnant from the past when there were a number of terminals, or is it still useful today?

I am looking forward to your responses, and if you have a pointer to some page that explains ttys for the clueless well, I would also be appreciative.
 
Old 06-28-2006, 10:13 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

When you 'su' you don't log in as the user you are su'ing to (root in most cases). The new shell is just run with the user's UID and GID, to allow you access to their files/devices. Try doing 'su -', then run 'who am i' - your original user should be shown.

It's highly likely that you currently have 6 tty devices available to you right now. Doing Ctrl-Alt-F1 to Ctrl-Alt-F6 should show them (Alt-F7 to get back to the GUI). You can also have ttys on serial ports, and this is still commonly used for configuring headless servers. As for the security side of restricting ttys, it might be desirable to limit root logins to a physical terminal (on a serial port), so that you need physical access to the box to go root. You can then remove the root SUID flag from the 'su' utility to stop people from su'ing to root at all.

Dave
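
The two controls this post describes, the root tty list and the setuid bit on su, can be checked independently of each other. The script below is an added example, not part of the original post; it assumes a securetty file with one device name per line and no /dev/ prefix, and its function names and sample file are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed securetty format: one device
# name per line, no /dev/ prefix; blank lines and '#' lines are skipped.

# root_tty_allowed FILE TTY
# Returns 0 if TTY is listed, 1 if not, 2 if FILE cannot be read
# (the 2 is this example's own convention).
root_tty_allowed() {
    _file=$1
    _tty=${2#/dev/}                       # accept /dev/tty1 or tty1
    [ -r "$_file" ] || return 2
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=$(printf '%s' "$_line" | tr -d ' \t\r')   # drop stray whitespace
        case $_line in ''|'#'*) continue ;; esac
        [ "$_line" = "$_tty" ] && return 0
    done < "$_file"
    return 1
}

# su_is_setuid PATH: returns 0 if PATH exists and carries the setuid bit.
su_is_setuid() {
    [ -u "$1" ]
}

# Constructed sample: root limited to the first virtual console.
make_sample_securetty() {
    _tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'tty1' '' > "$_tmp"
    printf '%s\n' "$_tmp"
}

sample=$(make_sample_securetty)
for t in tty1 /dev/tty1 tty2 pts/0; do
    if root_tty_allowed "$sample" "$t"; then
        echo "$t: root login permitted"
    else
        echo "$t: root login refused"
    fi
done
rm -f "$sample"

# su is a separate path: per the post, it depends on the setuid bit on su.
su_path=$(command -v su || true)
if [ -n "$su_path" ] && su_is_setuid "$su_path"; then
    echo "$su_path is setuid: su remains usable regardless of the tty list"
else
    echo "su is missing or not setuid: su to root is unavailable"
fi
```

On a real system, point `root_tty_allowed` at /etc/securetty and pass the output of `tty` to see whether the current terminal is on the list.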
 
Old 06-29-2006, 02:52 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,374

Rep: Reputation: 2383
Actually, when I use su or 'su -' whoami shows me as root :-)
Actually, the diff is the '-' gives you root's env (as if you had logged in as him). Without the '-', you are still root, but with orig user's env.
Similarly if you su (-) to another user altogether.
 
Old 06-29-2006, 08:03 AM   #4
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Ah, not whoami, but 'who am i'
Code:
[0 dave@cronus ~]$ su -
Password:
[root@cronus ~]# who am i
dave     pts/0        2006-06-29 14:03 (:0.0)
[root@cronus ~]#
whoami just gives the effective userid (which will change when you su).
 
Old 06-30-2006, 10:53 AM   #5
bx.s
LQ Newbie
 
Registered: Jan 2006
Distribution: Ubuntu
Posts: 13

Original Poster
Rep: Reputation: Disabled
[QUOTE=ilikejam]
When you 'su' you don't log in as the user you are su'ing to (root in most cases). The new shell is just run with the user's UID and GID, to allow you access to their files/devices. Try doing 'su -', then run 'who am i' - your original user should be shown.
[/QUOTE]

Thank you for the answers. So when you do `su -` it changes the shell environment. Does it not run (for example) ~/.bash_profile? What happens in a login that doesn't happen in an su that causes the machine to make sure root is only using an "approved" terminal?

Also, the man pages weren't clear about it but if you run `su` (without the - option) it only changes uid, right?
 
Old 06-30-2006, 02:34 PM   #6
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi again.

Using 'su -' causes the new shell to be invoked as a login shell:
(From the bash man page)
Quote:
When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable. The --noprofile option may be used when the shell is started to inhibit this behavior.

When a login shell exits, bash reads and executes commands from the file ~/.bash_logout, if it exists.
so yes, .profile etc will be read.

su on its own just sets USER, SHELL and LOGNAME for the 'new' user.

Dave
 
  

