LinuxQuestions.org
09-10-2006, 11:19 AM   #1
live_dont_exist

/etc/securetty


Hi guys,
I'm just a bit confused with the behaviour of /etc/securetty. While I've read through a number of posts and articles which say that /etc/securetty contains a list of terminals root can log in on, I can't figure out one thing.

I have an FC5 standalone desktop at home; no networking, ssh or telnet.

When we say echo console > /etc/securetty and # out everything else, I still can't log in as root.

However, when I un# tty1 and try to log in at runlevel 3, root is successfully able to log in on tty1. The behaviour then is consistent for tty2, 3, 4 or any other terminal.

So now I go and rename the file /etc/securetty to securetty.old and try to log in; it shouldn't log me in, right? Since there are no valid terminals at all?
But it allows root in at runlevel 3 and 5 without the file...

So now I "unrename" the file and we have the previous securetty with everything commented out and boom, root can't log in...

What's the mystery? Why does login(1) need a commented file but won't work on a blank file?

Also, this sounds silly, but I thought I'd ask: what do we mean by "console"? I always thought that in a networking world, console meant physically walking up to the machine and logging in, but now I don't have any networking and I can't log in as root if I # everything out except console...

Lastly, /etc/pam.d/login has this. Not that I could understand it, but I know that PAM controls authentication so I thought I'd put it in...
Code:
auth       required     pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open
Do let me know what your views are and what I am missing.

Cheers
Arvind
 
09-11-2006, 04:07 AM   #2
blackhole54

I am running on an older RH system and I just tried your experiment with renaming securetty to securetty.old. With no file, it does seem to allow anything rather than allowing nothing as you might expect. Since I run in runlevel 3, I didn't check out trying to log into a GUI, which I gather is where your problem is.

I don't know if it will help, but in addition to the tty1, tty2, etc. entries, my securetty file has entries like vc/1, vc/2, etc. for (I presume) the GUI logins. It is also possible your GUI login manager has a restriction about root. There could also be a graphical tool ("control panel" or something?) that controls this setting.
 
09-11-2006, 01:07 PM   #3
live_dont_exist
Original Poster

Thanks for replying... strange, isn't it? Even my securetty has vc/1, vc/2 and the like... I mean, I know how to restrict the login but I can't understand the logic behind it, which is more important... maybe someone else will have something to say...
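
Added example, not part of the original thread and not the PAM module's own code: a simplified shell model of the root-tty check that reproduces the three states reported above (only console enabled, tty1 enabled, file renamed away). It assumes the login tty is compared by name with any /dev/ prefix removed and that entries match as whole lines; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the root-tty check discussed in this thread.
# root_tty_allowed FILE TTY: exit status 0 = root may log in, 1 = refused.
root_tty_allowed() {
    file=$1
    tty=${2#/dev/}            # assumption: compare by name, /dev/tty1 -> tty1
    # No file at all: nothing to check against, root is allowed anywhere.
    [ -e "$file" ] || return 0
    # File exists: root needs an exact whole-line match.
    # "#tty1" differs from "tty1", so a commented-out entry never matches,
    # and a file with every entry commented out (or empty) refuses root.
    while IFS= read -r line || [ -n "$line" ]; do
        [ "$line" = "$tty" ] && return 0
    done < "$file"
    return 1
}

# active_ttys FILE: print the entries that can actually match (audit helper).
active_ttys() {
    [ -e "$1" ] || { echo "(no file: root allowed on every tty)"; return 0; }
    grep -v -e '^#' -e '^$' "$1" || true
}

# Constructed sample files reproducing the three states from the thread.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'console' '#tty1' '#tty2' '#vc/1' > "$dir/console_only"
    printf '%s\n' 'console' 'tty1' '#tty2' '#vc/1'  > "$dir/tty1_enabled"
    # "renamed_away" is deliberately never created (file moved to securetty.old).
    for f in console_only tty1_enabled renamed_away; do
        if root_tty_allowed "$dir/$f" /dev/tty1; then r=allowed; else r=refused; fi
        echo "$f: root on tty1 $r"
    done
    rm -rf "$dir"
}

demo
```

To lock root out of local terminals, the file therefore has to exist with no matching entries; removing or renaming it disables the check instead.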