[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Linux equivalent to the solaris /etc/default/login file

Posted on 2001-07-25
15
Medium Priority
?
2,414 Views
Last Modified: 2013-12-05
Is there an equivalent linux file to the solaris /etc/default/login file which can define whether the root user can login across the network or only from the consol?

Thanks
0
Comment
Question by:cht
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +3
15 Comments
 
LVL 17

Expert Comment

by:dorward
ID: 6319415
0
 
LVL 4

Expert Comment

by:garisoain
ID: 6319525
root access from console or network?

check:    /etc/inittab
it's well commented...

Hope this helps
-garisoain
0
 
LVL 3

Expert Comment

by:tdaoud
ID: 6320616

It is the file /etc/securetty, there you add the terminals that you want to enable root login from.

Good luck,

Tarik
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 4

Expert Comment

by:garisoain
ID: 6320679
=) yep... dorward is right... so is tdaoud, both comments refer to /etc/securetty.. =)

what i was thinking? =)
0
 

Author Comment

by:cht
ID: 6321071
Do you know what the line would be that needed to be included in the /etc/securetty file to allow root telnet access?

Thanks
0
 
LVL 3

Accepted Solution

by:
tdaoud earned 200 total points
ID: 6321094

You need to add the line

pts/0

for telnet terminal 1 and

pts/1

for second telnet session

So let's say you add

pts/0

if you are the only one to telnet at the server you can login, if someone else is already in a telnet session then you cannot unless you have

pts/1

and so on, so you need to determine the number of telnet sessions to allow for root to login from.

Tarik
0
 
LVL 17

Expert Comment

by:dorward
ID: 6321455
Allowing root telnet access is a BAD BAD idea as passwords are sent across the network unencrypted.

You would be much better installing OpenSSH and using that as it will encrypt the data. (It also has other useful features such as data compression to speed up access over slow network connections)
0
 
LVL 3

Expert Comment

by:tdaoud
ID: 6321510

I strongly agree with dorward security related remarks.

Tarik
0
 
LVL 17

Expert Comment

by:dorward
ID: 6321751
To take it a stage further, I do not install (or uninstall) telnetd from all my systems and allow all remote users access only through encrypted proticals. There are SSH clients for Windows users in the form of a terra term pro plug in, putty, and part of cygwin.
0
 
LVL 5

Expert Comment

by:vsamtani
ID: 6322252
I just tried adding pts/0 , pts/1 etc to my /etc/securetty and it didn't permit root login by telnet; however, adding the lines

0
1
2
3

allowed me to login as root from a telnet session. I don't know if this is something dependent on versions of login, telnetd, etc.

All the warnings above re insecurity of telnet are very valid - telnet simply should not be used over an insecure wire, which is more or less any wire other than a cross-over cable whose entire length you can see...

Vijay
0
 
LVL 3

Expert Comment

by:tdaoud
ID: 6322425

I'm talking about RedHat version 7.1

It could be different for other versions of UNIX/Linux's

In the past I can't recall which RedHat version it used to be ttyp0, ttyp1, ...etc

One way I can tell the terminal name is while I'm logged in I would do the "who" command and it would show me the terminals names from where people are logging in from or at least mine if I was the only user telneting in.

Tarik
0
 
LVL 5

Expert Comment

by:vsamtani
ID: 6322544
Yes, I think it must be version-specific - I was just checking on a Redhat 6.1 system. The output from ps and who is misleading, though - it says pts/0 is where I am logged in, but this doesn't work for /etc/securetty. However, the clue (I think) is in /var/log/secure - I disabled /etc/securetty by renaming it, then telnetted in as root, and got a message in /var/log/secure saying:

Jul 26 16:31:13 gate login: ROOT LOGIN ON 2 FROM vs32

- note the LOGIN ON 2, rather than LOGIN ON PTS/2

Vijay
0
 
LVL 5

Expert Comment

by:paulqna
ID: 6330380
1) Install ssh and make sure this works (also after reboot)
2) Create empty /etc/securetty.
3) additionally: Restrix acces using /etc/hosts.allow /etc/hosts.deny

0
 

Author Comment

by:cht
ID: 6335308
Thanks for your help. I think I probably will restrict root access - but it's still good to know...
0
 

Author Comment

by:cht
ID: 6335309
Thanks for your help. I think I probably will restrict root access - but it's still good to know...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question