Re: Securetty: limits root login while allowing 'su -'
On Thu, Oct 23, 2003 at 10:13:16PM +0000, Ennio-Sr wrote:
> I limited root login to two ttys only  (in /etc/securetty) but yesterday
> I discovered I could 'su -' to root in the excluded ttys.  Do you think
> this is normal behaviour
Yes.
| root@nova:/etc/pam.d# grep securetty *
| login:# Disallows root logins except on tty's listed in /etc/securetty
| login:auth       requisite  pam_securetty.so
| root@nova:/etc/pam.d# 
You could try adding this line to the </etc/securetty/su> file and see
what happens:
| auth       requisite  pam_securetty.so
Just make sure you can get to root in a way other than the <su> command
if things break.
-- 
Tom Goulet				mail: uid0@em.ca
UID0 Unix Consulting			web:  em.ca/uid0/
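
Added example, not part of the original message: the grep in the reply matches a comment line as well as the live rule, so this sketch reports which PAM service files carry an active auth line for pam_securetty.so. The function names and the sample `su` file are constructed for illustration, and `@include` directives are not followed.

```shell
#!/bin/sh
# Report whether a PAM service file has an uncommented auth rule
# that loads pam_securetty.so. Function names are hypothetical.

securetty_status() {
    # $1 = path to one PAM service file
    awk '
        $1 ~ /^#/ { next }                      # comment lines do not count
        $1 == "auth" || $1 == "-auth" {
            # the module path follows the control field, which may be
            # a bracketed expression spanning several fields
            for (i = 3; i <= NF; i++)
                if ($i ~ /(^|\/)pam_securetty\.so$/) found = 1
        }
        END { print (found ? "enforced" : "not-enforced") }
    ' "$1"
}

audit_pam_dir() {
    # $1 = directory of PAM service files (normally /etc/pam.d)
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(securetty_status "$f")"
    done
}

# Constructed sample directory so the script runs without touching /etc.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT

# login: the two lines shown in the grep output above
cat > "$sample/login" <<'EOF'
# Disallows root logins except on tty's listed in /etc/securetty
auth       requisite  pam_securetty.so
EOF

# su: constructed content with the securetty rule commented out
cat > "$sample/su" <<'EOF'
# auth     requisite  pam_securetty.so
auth       sufficient pam_rootok.so
EOF

audit_pam_dir "$sample"
```

On a real system, call `audit_pam_dir /etc/pam.d` to see which services would still let root authenticate from a tty that is not listed in /etc/securetty.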