Hi Guys,
I'm just a bit confused with the behaviour of /etc/securetty. While I've read through a number of posts and articles which say that /etc/securetty contains a list of terminals root can log in on, I can't figure out 1 thing.
I have an FC5 standalone desktop at home; no networking, ssh or telnet.
When we say echo console > /etc/securetty and # out everything else, I still can't log in as root.
However, when I un# tty1 and try to log in at runlevel 3, root is successfully able to log in on tty1. The behaviour is then consistent for tty2, 3, 4 or any other terminal.
So now I go and rename the file /etc/securetty to securetty.old and try to log in; it shouldn't log me in, right? Since there are no valid terminals at all?
But it allows root in at runlevel 3 and 5, without the file...
So now I "unrename" the file and we have the previous securetty with everything commented out and boom, root can't log in...
What's the mystery? Why does login(1) need a commented file but won't work on a blank file?
Also, this sounds silly, but I thought I'd ask: what do we mean by "console"? I always thought that in a networking world, console meant physically walking up to the machine and logging in, but now I don't have any networking and I can't log in as root if I # everything out except console...
Lastly, /etc/pam.d/login has this (not that I could understand it, but I know that PAM controls authentication, so I thought I'd put it in):
Code:
auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
Do let me know what your views are and what I am missing.
Cheers
Arvind
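
Added example, not part of the original post: a simplified Python model of the check that the `auth required pam_securetty.so` line performs for root, replayed against the experiments described above. It assumes the module's documented behaviour (a missing file lets root in on any terminal; otherwise the terminal name must match a line exactly) and that a login on the first text virtual terminal presents the name `tty1`, not `console`. The function names and the temporary file are constructed for illustration.

```python
import os
import tempfile

SECURETTY = "securetty"  # constructed stand-in for /etc/securetty


def root_allowed(path, tty):
    """Simplified model of the pam_securetty decision for root (uid 0)."""
    if tty.startswith("/dev/"):
        tty = tty[len("/dev/"):]
    try:
        with open(path) as fh:
            entries = [line.strip() for line in fh]
    except FileNotFoundError:
        # No file at all: the module logs the problem and lets root in
        # (kept for compatibility with the old securetty handling).
        return True
    # Plain string comparison: "#tty1" is not "tty1", so a commented-out
    # line can never match, and a file with no match denies root.
    return tty in entries


def write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def run_cases():
    """Replay the post's experiments against a temporary file."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, SECURETTY)
        out["file renamed away, tty1"] = root_allowed(path, "/dev/tty1")
        write(path, "console\n#tty1\n#tty2\n")
        out["only console, tty1"] = root_allowed(path, "/dev/tty1")
        out["only console, console"] = root_allowed(path, "/dev/console")
        write(path, "console\ntty1\n#tty2\n")
        out["tty1 uncommented, tty1"] = root_allowed(path, "/dev/tty1")
        out["tty1 uncommented, tty2"] = root_allowed(path, "/dev/tty2")
        write(path, "#console\n#tty1\n")
        out["everything commented, tty1"] = root_allowed(path, "/dev/tty1")
    return out


if __name__ == "__main__":
    for case, allowed in run_cases().items():
        print(f"{case:30} -> {'allowed' if allowed else 'denied'}")
```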