Re: Securetty: limits root login while allowing 'su -'
On Thu, Oct 23, 2003 at 10:13:16PM +0000, Ennio-Sr wrote:
> I limited root login to two ttys only (in /etc/securetty) but yesterday
> I discovered I could 'su -' to root in the excluded ttys. Do you think
> this is normal behaviour
Yes.
| root@nova:/etc/pam.d# grep securetty *
| login:# Disallows root logins except on tty's listed in /etc/securetty
| login:auth requisite pam_securetty.so
| root@nova:/etc/pam.d#
You could try adding this line to the </etc/securetty/su> file and see
what happens:
| auth requisite pam_securetty.so
Just make sure you can get to root in a way other than the <su> command
if things break.
--
Tom Goulet mail: uid0@em.ca
UID0 Unix Consulting web: em.ca/uid0/
Reply to: