-   Slackware (
-   -   Login's Access restrictions - wrong examples in the config file? (

BlackRider 09-17-2012 09:41 AM

Login's Access restrictions - wrong examples in the config file?
I have recently been playing with Slackware's 14.0 RC4 /etc/login.access file, which is designed to determinate who can log on where. The default file has lots of (commented) examples.

The examples suggest that the following line:

should disable console logins for the user "myuser", but it does not happen. I can still logon with "myuser" in the ttys after loading this rule.

Is it that the rule is obsolete, or just that I have misunderstood it? I have found BSD documentation supporting this syntax, but it seemed outdated...

The config file works as expected when the ttys are defined one by one:

-:myuser:/dev/tty1 /dev/tty2

jamesf 09-17-2012 11:29 AM

You're probably encountering the difference between the Linux concept of the "console" and the tty devices.

Sorry, I'm at work and don't have time to go into more detail, but googling "linux console device" and/or "linux console tty" should give you a start.

eternauta2001 09-17-2012 01:11 PM

Other option
A command to lock an user account is


# passwd -l myuser
For unlock:


# passwd -u myuser

BlackRider 09-17-2012 01:44 PM


Originally Posted by jamesf
You're probably encountering the difference between the Linux concept of the "console" and the tty devices.

That's the first thing I thought -I mean, do the "console" word include the local ttys? The information I gathered from the Internet before posting made me believe that the "console" location should have sufficed to lock the access of "myuser" from the tty of a regular desktop computer. It's evident that I was wrong.

, nice suggestion, but I don't want to lock the account. I would rather set a fake shell for the user (in fact, you can type 'echo "You are a looser. Fsck off!" > /etc/nologin' and it will be more fun :-D ) My objective here is to determinate how does login.access manage the "console" location and why it does not prevent people from login locally.

jamesf 09-18-2012 10:46 AM

Try the boot option "console=/dev/tty1" after setting up -:myuser:console That should set the linux console concept to /dev/tty1, and login attempts there should then run afoul of your rule. For extra fun you ought to be able to log in on /dev/tty2.

The console is a separate concept, and can be local, remote, serial, etc.

BlackRider 09-18-2012 11:49 AM


Try the boot option "console=/dev/tty1" after setting up -:myuser:console
Nice try, but it didn't work :-) I just passed console=/dev/tty1 to Lilo and logged in as myuser in tty1, disobeying the rule.

Is there a way to set the "console" variable with a live kernel running?

jamesf 09-19-2012 01:36 PM

You're beyond me with that one. Sorry.

AlleyTrotter 09-19-2012 02:00 PM

# The third field should be a list of one or more tty names

it does not mention console


BlackRider 09-19-2012 02:05 PM


it does not mention console
But the examples given in the config file do.

AlleyTrotter 09-19-2012 02:16 PM

so what is it
you say you are logging in from tty
but you are trying to restrict console


BlackRider 09-19-2012 02:21 PM

It is just that I supposed that "console" would include the virtual consoles, when it seems it doesn't :-)

wildwizard 09-20-2012 06:27 AM

The correct console= usage is just the device name not the full path

So "console=tty1" would work

Now for some weirdness

According to the docs on the kernel console should default to tty0 which should be the first tty (ALT+F1) however testing here shows that the first tty is actually tty1 (ALT+F1)

Now back to what you want to achieve according to the man page there are 2 more options you can use on that line ALL or LOCAL

So this should produce the result that you seem to be looking for :-

Assuming that the man page is any good.

All times are GMT -5. The time now is 10:37 AM.