restricting logins on tty1

Hi, I have a question pertaining to /etc/login.access. I seem to be a
little confused about exactly how this file is read by login.

The format is straightforward and makes sense but I am trying to restrict
tty1 to root logins and I can't seem to get it just right.

Here's what I have so far. Most of it is what came stock with the distro.

# Restrict tty to root (this is what I'm trying to accomplish):
-:ALL EXCEPT ROOT:tty1
# Disallow remote logins for certain users:
# Disallow console logins to all but a few accounts.
#
-:ALL EXCEPT root <user1> <user2> <user3>:console
#
# Disallow non-local logins to privileged accounts (group wheel).
#
-:root:ALL EXCEPT LOCAL
#
# Some accounts are not allowed to login from anywhere:
#
#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
#
# All other accounts are allowed to login from anywhere.
#

However, I can still log in as other users on tty1; the restriction
appears to not do anything. BUT, if I restrict a user directly, like so:

-:<user>:tty1

that user IS prevented from logging in on tty1.

Why does the first method fail? I should be able to do that, shouldn't I?

One other quickie: what's the functional difference between
/etc/login.access and /etc/security/access.conf? When I place
restrictions in the latter, nothing seems to happen, though the files are
in exactly the same format. What then is the purpose of the one in
/etc/security?

Thanks!!