
Top Document: comp.sys.hp.hpux FAQ
Previous Document: 5.1.2 Why are mail files in /var/mail owned by 'daemon' instead of the recipient?
Next Document: 5.1.4 How can I disable non-root logins?


5.1.3 How can I restrict regular users from logging in at the console?


Added: 04/02/01

For a terminal console
======================
If the /etc/securetty file is present, login security is in effect:
user root is allowed to log in only on the ttys listed in this file.
The permitted ttys are listed by device name, one per line.  Valid tty
names depend on the installation.  To restrict root logins to the
console only:

  # echo console >/etc/securetty

The use of /etc/securetty is documented in login(1).

For a CDE console
=================
Create a file named 'nologin' in /etc/:

  # >/etc/nologin

Then add something like this to your /etc/dt/config/Xstartup file:

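   # awk exits 0 (true) when the user's UID is not 0, so the block below
   # runs only for non-root users; root is never denied here.
   if pwget -n "$USER" | awk -F: '{exit ($3 == 0)}'; then
      # Deny if /etc/nologin exists or /etc/securetty lists the console.
      if [ -f /etc/nologin ] || \
         grep '^console$' /etc/securetty >/dev/null 2>&1; then
         echo "[$(date)] non-root login attempt from CDE console -" \
              "access denied" >>/var/adm/console_login_attempts_log
         exit 1
      fi
   fi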

See dtlogin(1) for a detailed description of the Xstartup file.
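
A check for the /etc/securetty setup described above, as an added example that is not part of the original FAQ: it confirms that the file exists, holds an exact "console" line (the form the Xstartup grep '^console$' test expects), names no other tty, and is not writable by group or other. The function name audit_securetty and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# audit_securetty [FILE]: return 0 only if FILE limits root logins to the
# console, i.e. matches what "echo console >/etc/securetty" produces.
# (Function name and checks are illustrative, not part of HP-UX.)
audit_securetty() {
    file=${1:-/etc/securetty}
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, so no tty restriction applies to root"
        return 1
    fi
    # The Xstartup test greps for '^console$', so the line must match
    # exactly: no leading or trailing blanks.
    if ! grep '^console$' "$file" >/dev/null 2>&1; then
        echo "FAIL: no exact 'console' line in $file"
        rc=1
    fi
    # Every other non-empty line names one more tty open to root.
    extra=$(grep -v '^console$' "$file" | grep -v '^$' || true)
    if [ -n "$extra" ]; then
        echo "FAIL: entries other than 'console' in $file:"
        echo "$extra" | sed 's/^/  [/; s/$/]/'
        rc=1
    fi
    # A file that group or other can write lets non-root users change
    # where root may log in.
    perms=$(ls -ld "$file" | awk '{print $1}')
    case $perms in
        ?????w*|????????w*)
            echo "FAIL: $file is group- or world-writable ($perms)"
            rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $file restricts root to the console"
    return "$rc"
}

# Constructed sample: "console" with a trailing blank, plus a second tty name.
sample=${TMPDIR:-/tmp}/securetty.sample.$$
printf 'console \ntty0p1\n' >"$sample"
audit_securetty "$sample" || echo "sample rejected (exit status $?)"
rm -f "$sample"
```

Run with no argument, the function audits /etc/securetty itself; the brackets printed around unexpected entries make stray blanks visible.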




Send corrections/additions to the FAQ Maintainer:
hpux.faq@gmail.com

Last Update July 24 2008 @ 00:14 AM

© 2008 FAQS.ORG. All rights reserved.