Linux equivalent to the solaris /etc/default/login file

Is there an equivalent linux file to the solaris /etc/default/login file which can define whether the root user can login across the network or only from the consol?

Thanks
chtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dorwardCommented:
0
garisoainCommented:
root access from console or network?

check:    /etc/inittab
it's well commented...

Hope this helps
-garisoain
0
tdaoudCommented:

It is the file /etc/securetty, there you add the terminals that you want to enable root login from.

Good luck,

Tarik
0
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

garisoainCommented:
=) yep... dorward is right... so is tdaoud, both comments refer to /etc/securetty.. =)

what i was thinking? =)
0
chtAuthor Commented:
Do you know what the line would be that needed to be included in the /etc/securetty file to allow root telnet access?

Thanks
0
tdaoudCommented:

You need to add the line

pts/0

for telnet terminal 1 and

pts/1

for second telnet session

So let's say you add

pts/0

if you are the only one to telnet at the server you can login, if someone else is already in a telnet session then you cannot unless you have

pts/1

and so on, so you need to determine the number of telnet sessions to allow for root to login from.

Tarik
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dorwardCommented:
Allowing root telnet access is a BAD BAD idea as passwords are sent across the network unencrypted.

You would be much better installing OpenSSH and using that as it will encrypt the data. (It also has other useful features such as data compression to speed up access over slow network connections)
0
tdaoudCommented:

I strongly agree with dorward security related remarks.

Tarik
0
dorwardCommented:
To take it a stage further, I do not install (or uninstall) telnetd from all my systems and allow all remote users access only through encrypted proticals. There are SSH clients for Windows users in the form of a terra term pro plug in, putty, and part of cygwin.
0
vsamtaniCommented:
I just tried adding pts/0 , pts/1 etc to my /etc/securetty and it didn't permit root login by telnet; however, adding the lines

0
1
2
3

allowed me to login as root from a telnet session. I don't know if this is something dependent on versions of login, telnetd, etc.

All the warnings above re insecurity of telnet are very valid - telnet simply should not be used over an insecure wire, which is more or less any wire other than a cross-over cable whose entire length you can see...

Vijay
0
tdaoudCommented:

I'm talking about RedHat version 7.1

It could be different for other versions of UNIX/Linux's

In the past I can't recall which RedHat version it used to be ttyp0, ttyp1, ...etc

One way I can tell the terminal name is while I'm logged in I would do the "who" command and it would show me the terminals names from where people are logging in from or at least mine if I was the only user telneting in.

Tarik
0
vsamtaniCommented:
Yes, I think it must be version-specific - I was just checking on a Redhat 6.1 system. The output from ps and who is misleading, though - it says pts/0 is where I am logged in, but this doesn't work for /etc/securetty. However, the clue (I think) is in /var/log/secure - I disabled /etc/securetty by renaming it, then telnetted in as root, and got a message in /var/log/secure saying:

Jul 26 16:31:13 gate login: ROOT LOGIN ON 2 FROM vs32

- note the LOGIN ON 2, rather than LOGIN ON PTS/2

Vijay
0
paulqnaCommented:
1) Install ssh and make sure this works (also after reboot)
2) Create empty /etc/securetty.
3) additionally: Restrix acces using /etc/hosts.allow /etc/hosts.deny

0
chtAuthor Commented:
Thanks for your help. I think I probably will restrict root access - but it's still good to know...
0
chtAuthor Commented:
Thanks for your help. I think I probably will restrict root access - but it's still good to know...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.