disabling su to root from telnet

subhasis_ray · 05-24-2002, 01:55 AM

hey can anyone help me to disallow users to su into root from a telnet login.

geoffm33 · 05-24-2002, 09:47 AM

Change the root password and don't tell them what it is!

Is your purpose to stop the root password from traveling in plain-text over the internet?

If so, use ssh.

myutopia · 05-24-2002, 10:21 AM

Easy.

Disable telnet

Consider SSH

I haven't tried this but it may be possible to change permissions on su and then If you need to su - you could use a utility called sudo ie the permissions only allow root to use the su command but sudo allows a user specified in the sudoers files to execute the command and only that command as root.

or both

for ssh have a look at my fave site
Frankenlinux

unixpirate · 02-06-2003, 11:55 AM

Don't use telnet

trickykid · 02-06-2003, 12:09 PM

In most linux distro's you can disable root login thru telnet thru the /etc/securetty file.

But if I was you I would take the suggestions of using ssh instead. Even if your not using root remotely, even as a regular user can expose your system just making it one step less for someone to break in.

unSpawn · 02-11-2003, 05:24 AM

To restrict anyone outside the "wheel" group from using "su" you can edit the /etc/pam.d/su file and add a line (or uncomment):
auth required /lib/security/pam_wheel.so use_uid

sakeeb · 02-11-2003, 06:04 AM

/etc/securetty is best method. for details read man page of login