Can't login console as root, works everywhere else, also difference between console / local?

In /etc/security/access.conf with CentOS (kernel 2.6.9-42.0.10.ELsmp) I have the following:
-:ALL EXCEPT root:LOCAL

Which I thought would ALLOW root to login at the console, but it's not. I tried to login as another user on the console, also didn't allow.

Then I saw on the Internet some people using "CONSOLE" instead of "LOCAL" but I don't understand the difference.

I want root and others to be able to SSH and I want root to be able to login at the console.

Then I also saw + instead of - and now I'm just confused. I need it to work. I wouldn't even mind if everybody could logon at the console, although that's less desirable.



ldorazioAsked:
Who is Participating?
 
Computer101Connect With a Mentor Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
 
MikkkCommented:
0
 
ldorazioAuthor Commented:
That article is pretty good, it explains the - and + pretty well, but what about the LOCAL and CONSOLE, what is the difference if you list these two lines?
-:ALL EXCEPT root:LOCAL

or

-:ALL EXCEPT root:CONSOLE

Also, I'm using the top one, which I assume means "deny all users except allow root, on the local computer (not remote)", but it doesn't allow root to login locally (on the console).

What's the diff of LOCAL and CONSOLE ?

And if I want to just get rid of ALL of it, do I just delete the line, then there is no security?

0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
avatechCommented:
My guess on the LOCAL vs CONSOLE would be that console is the physical console, ie the keyboard on the PC or one of it's alternates.  LOCAL would be using su to assume identity as root through whatever remote connection you are using.

Again, that's my guess ...

Cheers!
0
 
ilkerduranCommented:
hi, did you check your  /etc/securetty  file?
does it include the line "console" ?
also you have to check sshd configuration (/etc/ssh/sshd_config) to let people and root login :

PermitRootLogin yes

0
 
ldorazioAuthor Commented:
Good ideas, but didn't help to resolve the issue. Appears to be problem between 32-bit and 64-bit OS, when Bastille scripts are installed.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.