user login by physical console only?

michael scott frank msfrank at u.washington.edu
Thu Feb 22 18:59:08 PST 2001


I believe this will work if you're not using X (since processes forked
from X are allocated ptys). Edit /etc/login.access to look more or
less like this (you might have to adjust depending on the number of ttys
you allocate at boot time):

+:ALL:tty0 tty1 tty2 tty3 tty4 tty5
-:ALL:ALL

This will allow anyone to log in on ttys 0 - 5, and deny otherwise.
I don't have time to test it (would require me to physically log into my
server to revert back) but this looks right, looking at the man page.

Michael


------------------------- .~.
Michael Frank /v\
msfrank at u.washington.edu // \\
------------------------ /( )\
^`~'^

On Thu, 22 Feb 2001, Benjamin Honsinger wrote:


> I believe I remember having once read about a way to specify that a certain
> user can only login from the console, and not through _any_ services over a
> network. Does someone know how to do this? And if so, does it mitigate security
> concerns regarding the internet and that user? I'm asking because I have
> several computers set up with _simple_ dictionary user names and passwords.
> Obviously this could be a security concern, but having secure passwords isn't
> very feasible (i.e. technology hating users who wouldn't stand for typing in
> hard, long passwords). These users will only ever access the machine
> physically.
> As a side note, even if the password was secure, with everyone at school
> knowing it, it could get on the internet easy, and a hacker could get it.
> I do have all services like telnet, ftp, etc turned off, I'm just looking for ways
> to continually improve security.
> Thanks!
>
> - Ben Honsinger
>
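
Added example, not part of the original thread: a simplified Python model of how a login.access table is evaluated (the first matching entry decides, and a login that matches no entry is accepted), run against the two rules from the reply. The user name `ben` and the tty and host names are constructed sample values, and only literal names, ALL and LOCAL are modelled.

```python
# Added example: simplified model of login.access first-match evaluation.
# Handles only literal names, ALL and LOCAL; EXCEPT, groups, netgroups and
# network patterns from the real format are deliberately left out.

# The two rules suggested in the reply above.
RULES = """\
+:ALL:tty0 tty1 tty2 tty3 tty4 tty5
-:ALL:ALL
"""

def parse_rules(text):
    """Return a list of (permit, users, origins) tuples."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        rules.append((fields[0] == "+", fields[1].split(), fields[2].split()))
    return rules

def _matches(tokens, value, is_origin=False):
    """True if any token in the list covers the given user or origin."""
    for tok in tokens:
        if tok == "ALL" or tok == value:
            return True
        # LOCAL covers any origin string that contains no dot.
        if is_origin and tok == "LOCAL" and "." not in value:
            return True
    return False

def login_allowed(rules, user, origin):
    """First matching entry decides; no match means the login is accepted."""
    for permit, users, origins in rules:
        if _matches(users, user) and _matches(origins, origin, is_origin=True):
            return permit
    return True

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed sample logins: (user, tty name or remote host).
    samples = [("ben", "tty1"), ("ben", "tty6"), ("ben", "pts/0"),
               ("ben", "host.example.org")]
    for user, origin in samples:
        verdict = "allow" if login_allowed(rules, user, origin) else "deny"
        print(f"{user:5} {origin:18} {verdict}")
```

Because an unmatched login is accepted, a table that names only one user leaves every other account unrestricted; the catch-all `-:ALL:ALL` line is what closes that gap in the rules from the reply.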



