disabling root logins -- HOWTO

To: debian-user@lists.debian.org
Subject: disabling root logins -- HOWTO
From: Will Trillich <will@serensoft.com>
Date: Wed, 8 Sep 2004 20:03:12 -0500
Message-id: <[🔎] 20040909010312.GC20267@serensoft.com>
Mail-followup-to: debian-user@lists.debian.org

we wanted to disable root logins (i.e. make it so that the only
way to acquire root is via sudo or su after being logged in as a
valid non-root user -- much better for tracking who's done what).

/etc/pam.d/login contains

	# Disallows root logins except on tty's listed in /etc/securetty
	# (Replaces the `CONSOLE' setting from login.defs)
	auth       requisite  pam_securetty.so

and /etc/securetty contains nothing but comments -- and still we
could login from Out There (internet anywhere) as root.

aha!

/etc/pam.d/ssh contains instrux for ssh connections, and that's
what we were using to connect -- ssh!

after copying the above lines into /etc/pam.d/ssh (immediately
below the

	auth       required     pam_nologin.so

line) all is well.

yesss! suddenly, root can't log in, not even via ssh. and to be
certain, we still can log in as non-root from wherever, and then
sudo and su when necessary. delightful!

===

if there's other intervening traps to look for, we'd like to
know about it. comments welcome.

-- 
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
 
DEBIAN NEWBIE TIP #48 from Will Trillich <will@serensoft.com>
:
To peruse your CURRENT VIM SETTINGS (there's LOTS of them)
from within Vim, simply do
	:options
You can change them there, on-the-fly, as well. Type
"ctrl-W ctrl-W" to switch "panes" or "ctrl-W q" to close one.
Try ":help" to learn more.

Reply to:

Follow-Ups:
- Re: disabling root logins -- HOWTO
  - From: Malin <HolyLight@gmail.com>

Prev by Date: Re: command to answer "what's your OS"
Next by Date: sarge vs spamassassin
Previous by thread: Help !! :D
Next by thread: Re: disabling root logins -- HOWTO
Index(es):
- Date
- Thread