user login by physical console only?
Honsinger at whs.wsd.wednet.edu
Fri Feb 23 16:35:49 PST 2001
Unfourtanetly, I am using X (runlevel 5, infact - like I said, the easier for
people to use the better in this case) I've got Mandrake 7.1, so I'll look at
the /etc/security/access.conf stuff. If anyone has any other suggestions let me
On Thu, 22 Feb 2001, you wrote:
> I believe this will work if you're not using X (since processes forked
> from X are allocated ptys). Edit /etc/login.access and to look more or
> less like this (you might have to adjust depending on the number of ttys
> you allocate at boot time):
> +:ALL:tty0 tty1 tty2 tty3 tty4 tty5
> This will allow anyone to log in on ttys 0 - 5, and deny otherwise.
> I don't have time to test it (would require me to physically log into my
> server to revert back) but this looks right, looking at the man page.
> ------------------------- .~.
> Michael Frank /v\
> msfrank at u.washington.edu // \\
> ------------------------ /( )\
> On Thu, 22 Feb 2001, Benjamin Honsinger wrote:
> > I believe I remember having once read about a way to specify that a certain
> > user can only login from the console, and not through _any_ services over a
> > network. Does someone know how to do this? And if so, does it mitigate security
> > concerns regarding the internet and that user? I'm asking because I have
> > several computers setup with _simple_ dictionary user names and passwords.
> > Obviously this could be a security concern, but having secure passwords isn't
> > very feasible (ie technology hating users who wouldn't stand for typing in
> > hard, long passwords). These users will only ever access the machine
> > physically.
> > As a side note, even if the password was secure, with everyone at school
> > knowing it, it could get on the internet easy, and a hacker could get it.
> > I do have all services like telnet, ftp, etc turned off, I'm just looking was
> > to continually improve security.
> > Thanks!
> > - Ben Honsinger
More information about the Linux