Can't login console as root, works everywhere else, also difference between console / local?

Posted on 2007-09-28
Last Modified: 2013-12-16
In /etc/security/access.conf with CentOS (kernel 2.6.9-42.0.10.ELsmp) I have the following:

Which I thought would ALLOW root to login at the console, but it's not. I tried to login as another user on the console, also didn't allow.

Then I saw on the Internet some people using "CONSOLE" instead of "LOCAL" but I don't understand the difference.

I want root and others to be able to SSH and I want root to be able to login at the console.

Then I also saw + instead of - and now I'm just confused. I need it to work. I wouldn't even mind if everybody could logon at the console, although that's less desirable.

Question by:ldorazio
    LVL 8

    Expert Comment


    Author Comment

    That article is pretty good, it explains the - and + pretty well, but what about the LOCAL and CONSOLE, what is the difference if you list these two lines?



    Also, I'm using the top one, which I assume means "deny all users except allow root, on the local computer (not remote)", but it doesn't allow root to login locally (on the console).

    What's the diff of LOCAL and CONSOLE ?

    And if I want to just get rid of ALL of it, do I just delete the line, then there is no security?

    LVL 4

    Expert Comment

    My guess on the LOCAL vs CONSOLE would be that console is the physical console, ie the keyboard on the PC or one of it's alternates.  LOCAL would be using su to assume identity as root through whatever remote connection you are using.

    Again, that's my guess ...

    LVL 1

    Expert Comment

    hi, did you check your  /etc/securetty  file?
    does it include the line "console" ?
    also you have to check sshd configuration (/etc/ssh/sshd_config) to let people and root login :

    PermitRootLogin yes


    Author Comment

    Good ideas, but didn't help to resolve the issue. Appears to be problem between 32-bit and 64-bit OS, when Bastille scripts are installed.

    LVL 1

    Accepted Solution

    PAQed with points refunded (500)

    EE Admin

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
    Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
    Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now