Home Page for the TeradataForum
 
https:

Archives of the TeradataForum

Message Posted: Mon, 21 Oct 2002 @ 17:47:08 GMT


     
  <Prev Next>   <<First <Prev
Next>
Last>>
 


Subj:   Re: Root logon from NON CONSOLE Terminals
 
From:   Charles Farley

Anomy Anom wrote:

  Has anyone else UNCOMMENTED the line in /etc/default/login (below this line) to prevent people logging in directly as root??  


  CONSOLE=/dev/console  



Yes, I've used this on a number of systems, it's nice, but if you are running any scripts remotely as root (another no-no), they may not be able to run. You can still log in as any id and "su -" to root (or just "su"), this will work just as nicely. There is also some usefulness in the bsd function of a "wheel" group on the system. This is a group that allows it's members some sysadmin functions on the system.

Back to the question, I've used this and liked it in a number of situations, but it can hinder some people's ideas of what they should or should not be able to do (I will point to the example of a professor at school that liked to login as root whenever he had an account on a box because "everything just works then..." Bad rationale as to why he needed root, and why he should login as root, but it was what he believed.

IMHO, there shouldn't be any reason for root to need to remotely login, whatever needs to be done, should be able to get done as a user su-ing to root from a user login session. However, it would be good to test (if possible) against your crontab file and any system checks you may have running that may or may not need to have remote root availability.


Hope this helps some,

loadc



     
  <Prev Next>   <<First <Prev
Next>
Last>>
 
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 28 Jun 2020