[SOLVED] disabling grafical login to root on Suse server sle 10.2 sp2

SAbhi · 12-13-2011, 05:59 AM

Hi,,

here i am trying to do something like preventing any user to login as root graphically on my server .

I am using SuSe Server SLE 10.2 sp2 .

I have seen in fedora selinux does tha same by gdm and gdm-password file entries but in Suse linux there is no selinux but apparmor that too i dont know to configure apparmor for this purpose.

so anyone tell me to do so , a full process ...will be a great help..

thanks in advance...

TobiSGD · 12-13-2011, 12:33 PM

I see some problems here:
- Why are you running a GUI on a server?
- Why have your users the root password?
- If you block root logins in graphical mode, but allow them in text mode, any user logged in as root to a text console can easily edit the configuration files for allowing graphical login again.

So the obvious solution would be: Don't give your users the root password.

SAbhi · 12-13-2011, 11:53 PM

Quote:

Originally Posted by TobiSGD

I see some problems here:
- Why are you running a GUI on a server?
- Why have your users the root password?
- If you block root logins in graphical mode, but allow them in text mode, any user logged in as root to a text console can easily edit the configuration files for allowing graphical login again.

So the obvious solution would be: Don't give your users the root password.

Dear,

There are more than 1 admin for the server.
Only 1 is a root admin.
Others are for database and other stuff.
Sudoers are not previlaged to edit files.

The only thing is that graphical login thru root is to be disabled.

as i worked on redhat with selinux and gdm permissions but i have no idea on Suse server regarding that and for that i need help.
can you or anyone further discuss in what way i can desable graphical login to root.

Reuti · 12-14-2011, 06:36 AM

There is a document at the Novell site.

In short: add a second line to /etc/pam.d/gdm reading:

Code:

auth    required    pam_securetty.so

SAbhi · 12-19-2011, 01:37 AM

Quote:

Originally Posted by Reuti

There is a document at the Novell site.

In short: add a second line to /etc/pam.d/gdm reading:

Code:

auth    required    pam_securetty.so

Sorry this doesnt worked out..
any other file to make changes as Suse didnt had gdm-password file under /etc/pam.d/

Reuti · 12-19-2011, 03:53 AM

It’s a typo, but it’s correct in the document I posted: the file in question is called xdm.

SAbhi · 12-19-2011, 05:16 AM

Quote:

Originally Posted by Reuti

It’s a typo, but it’s correct in the document I posted: the file in question is called xdm.

Thank you Reuti but its incomplete...rather i tried on my own and get it worked..

In the same file .../etc/pam.d/gdm
adding this line solves my problem ...now GUI thru root is disabled...

Quote:

auth required pam_succeed_if.so user != root quiet

courtesy to fedora 11 actually...thru its gdm file i got this line...worked successfully on suse..

Reuti · 12-19-2011, 05:32 AM

This is strange, as the document describes SLES 9 and it’s even working on openSUSE 11.4. What do you mean by it’s incomplete?

SAbhi · 12-23-2011, 03:34 AM

Quote:

Originally Posted by Reuti

This is strange, as the document describes SLES 9 and it’s even working on openSUSE 11.4. What do you mean by it’s incomplete?

i dont know actually but for me the above lines doesnt worked out...