user login by physical console only?

Benjamin Honsinger Honsinger at whs.wsd.wednet.edu
Fri Feb 23 16:35:49 PST 2001


Unfourtanetly, I am using X (runlevel 5, infact - like I said, the easier for
people to use the better in this case) I've got Mandrake 7.1, so I'll look at
the /etc/security/access.conf stuff. If anyone has any other suggestions let me
know, thanks!

- Ben

On Thu, 22 Feb 2001, you wrote:

> I believe this will work if you're not using X (since processes forked

> from X are allocated ptys). Edit /etc/login.access and to look more or

> less like this (you might have to adjust depending on the number of ttys

> you allocate at boot time):

>

> +:ALL:tty0 tty1 tty2 tty3 tty4 tty5

> -:ALL:ALL

>

> This will allow anyone to log in on ttys 0 - 5, and deny otherwise.

> I don't have time to test it (would require me to physically log into my

> server to revert back) but this looks right, looking at the man page.

>

> Michael

>

>

> ------------------------- .~.

> Michael Frank /v\

> msfrank at u.washington.edu // \\

> ------------------------ /( )\

> ^`~'^

>

> On Thu, 22 Feb 2001, Benjamin Honsinger wrote:

>

> > I believe I remember having once read about a way to specify that a certain

> > user can only login from the console, and not through _any_ services over a

> > network. Does someone know how to do this? And if so, does it mitigate security

> > concerns regarding the internet and that user? I'm asking because I have

> > several computers setup with _simple_ dictionary user names and passwords.

> > Obviously this could be a security concern, but having secure passwords isn't

> > very feasible (ie technology hating users who wouldn't stand for typing in

> > hard, long passwords). These users will only ever access the machine

> > physically.

> > As a side note, even if the password was secure, with everyone at school

> > knowing it, it could get on the internet easy, and a hacker could get it.

> > I do have all services like telnet, ftp, etc turned off, I'm just looking was

> > to continually improve security.

> > Thanks!

> >

> > - Ben Honsinger

> >



More information about the Linux mailing list