Re: restricting logins on tty1
OK thanks for the info... I seem to have /etc/login.access working
now. The problem was as you had indicated... the user I was trying to
restrict was a member of my "root" group so unless I restrict him
explicitly with his own entry in login.access, he can also log in on
tty1. Other users are successfully banned from that terminal though.
As for why we're using group "root" and not "wheel," there's a little note
from RMS in the su man page... check it out. (Personally I disagree with
that thinking on this, but that's where the explanation is.)
On Sat, 8 Jan 2000, Ethan Benson wrote:
> /etc/login.access I am not sure about, I thought it was obsolete but
> i could be wrong.
>
> as for what your are trying to do not working, I am not sure, I have
> had problems trying to get access.conf and such to work right as
> well, either the docs are not quite good enough yet or something is
> still a bit buggy...
>
> one thing that could be causing the wheel group troubles is the
> ambiguity caused by gid 0 being called `root' just like uid 0, I
> personally just made a new group called wheel and use that to enforce
> the BSD style wheel group (only wheel members may su to root) but I
> did this more because i got tired of fixing packages which install
> all there files gid 0 writable. (i don't want halfway root
> permissions to the filesystem unless i actually switched to root)
>
> just out of curiosity why did GNU/Linux not follow the BSD semantics
> on the wheel group? and instead name gid 0 root and have it function
> as root's private (primary) group?
Reply to: