[CHANGE PROPOSAL] The securetty file is empty by default

Przemek Klosowski przemek.klosowski at nist.gov
Thu Apr 3 21:46:42 UTC 2014


On 04/03/2014 10:32 AM, quickbooks office wrote:
> "3.1.4.2.2. Disabling Root Logins
>
> To further limit access to the root account, administrators can
> disable root logins at the console by editing the /etc/securetty file.
>
This is done in the name of accountability, by forcing an administrative 
login through an account attributable to a specific person. This, 
however, only makes sense if there _actually_are_ such individual 
accounts on the system.

Would this proposal be acceptable if it wasn't implemented if 'root' is 
the only account?

I personally don't think even such amended proposal is a reasonable 
default configuration, because systems authenticating against a domain, 
and having only one local (root) account, could lock the admin out if 
something happens to the network or to the domain server.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140403/f59d945c/attachment-0001.html>


More information about the devel mailing list