Hi,
for security reasons, I want to detain people from login in as root on the
X window system.
I didn't find the appropriate config file or parameter yet.
Any help would be appropriate!
Many thanks in advance,
Chris
|
|
0
|
|
|
|
Reply
|
 Christopher
|
12/10/2003 1:33:59 AM |
|
"Christopher Intemann" <me@privacy.net> wrote in message
news:br5t67$42m$1@gwdu112.gwdg.de...
> Hi,
> for security reasons, I want to detain people from login in as root on the
> X window system.
> I didn't find the appropriate config file or parameter yet.
> Any help would be appropriate!
> Many thanks in advance,
> Chris
Modify /etc/default/login
Add or uncomment the following:
CONSOLE=/dev/console
That will force root to only be able to login on the console.
Here is the sun ref for solaris 8:
http://docs.sun.com/db/doc/805-7229/6j6q8svde?a=view#secsys-11995
Brad
|
|
|
0
|
|
|
|
Reply
|
Brad
|
12/10/2003 1:58:02 AM
|
|
Hi Brad,
Brad <xxxxxxx@xxx.xxx> wrote:
> "Christopher Intemann" <me@privacy.net> wrote in message
> news:br5t67$42m$1@gwdu112.gwdg.de...
>> Hi,
>> for security reasons, I want to detain people from login in as root on the
>> X window system.
>> I didn't find the appropriate config file or parameter yet.
> Modify /etc/default/login
> Add or uncomment the following:
> CONSOLE=/dev/console
> That will force root to only be able to login on the console.
> Here is the sun ref for solaris 8:
> http://docs.sun.com/db/doc/805-7229/6j6q8svde?a=view#secsys-11995
Thank you for the hint.
Root login is already resticted to the local system.
Afaik you can uncomment the
CONSOLE=/dev/console
entry to allow root to login from remote via telnet e.g..
Anyway, even with this entry local login via the X-Window system is still
possible.
On my linux box, I can detain root from login in via X in the gdm or kdm
config file.
Probably on Solaris it is done via dt configuration, but I have no clue
where.
I'm just about to write a little script which checks the user ID and restarts
X if userid==0:-)
Nevertheless I would be happy to here about a better solution.
I played arround with /dev/passwd, but giving the /sbin/nologin shell to root
(I do not need console login at all, su is just fine) is not a good idea
either, as even su does not work anymore in that case.
Many thanks in advance,
Chris
|
|
|
0
|
|
|
|
Reply
|
Christopher
|
12/10/2003 2:19:51 AM
|
|
In article <br5vs7$521$1@gwdu112.gwdg.de>,
Christopher Intemann <inte@goe.net> wrote:
>Hi Brad,
>Brad <xxxxxxx@xxx.xxx> wrote:
>
>> "Christopher Intemann" <me@privacy.net> wrote in message
>> news:br5t67$42m$1@gwdu112.gwdg.de...
>>> Hi,
>>> for security reasons, I want to detain people from login in as root on the
>>> X window system.
>>> I didn't find the appropriate config file or parameter yet.
>
>> Modify /etc/default/login
>
>> Add or uncomment the following:
>
>> CONSOLE=/dev/console
>
>> That will force root to only be able to login on the console.
>
>> Here is the sun ref for solaris 8:
>> http://docs.sun.com/db/doc/805-7229/6j6q8svde?a=view#secsys-11995
>
>Thank you for the hint.
>Root login is already resticted to the local system.
>Afaik you can uncomment the
> CONSOLE=/dev/console
>entry to allow root to login from remote via telnet e.g..
>Anyway, even with this entry local login via the X-Window system is still
>possible.
>On my linux box, I can detain root from login in via X in the gdm or kdm
>config file.
>Probably on Solaris it is done via dt configuration, but I have no clue
>where.
>I'm just about to write a little script which checks the user ID and restarts
>X if userid==0:-)
>Nevertheless I would be happy to here about a better solution.
>I played arround with /dev/passwd, but giving the /sbin/nologin shell to root
>(I do not need console login at all, su is just fine) is not a good idea
>either, as even su does not work anymore in that case.
>Many thanks in advance,
> Chris
>
>
Just set your console to be the serial port. Then root can only log in on the
serial port. You can copy the /usr/dt/config/Xservers file to /etc/dt/config '
and edit it to run a non console graphics display
-Raf
|
|
|
0
|
|
|
|
Reply
|
raf
|
12/10/2003 2:33:05 AM
|
|
Christopher Intemann <me@privacy.net> writes:
>for security reasons, I want to detain people from login in as root on the
>X window system.
>I didn't find the appropriate config file or parameter yet.
>Any help would be appropriate!
>Many thanks in advance,
You could try creating "/.dtprofile" containing just
exit
I haven't tried, but that will probably abort attempts to do a root
startup, at least with CDE. You can probably still start a
"failsafe" session.
|
|
|
0
|
|
|
|
Reply
|
Neil
|
12/10/2003 3:18:39 AM
|
|
|
4 Replies
681 Views
(page loaded in 0.017 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25713 articles. 
78 followers. 